HackerTrans
TopNewTrendsCommentsPastAskShowJobs

norcalkc

no profile record

Submissions

Underwater RF Communication at 700M Using Magnetoelectric Antennas

arxiv.org
5 points·by norcalkc·last month·1 comments

The Tinker Pledge

tinkerpledge.org
5 points·by norcalkc·last month·1 comments

What It Takes to Send Pixels

arewecooked.dev
3 points·by norcalkc·6 months ago·0 comments

Test your MCP Server for spec compliance, security, and agent-friendliness

mcpscan.dev
2 points·by norcalkc·6 months ago·0 comments

aileaks.dev - Community driven database of AI related security incidents

aileaks.dev
11 points·by norcalkc·last year·0 comments

Vercel Ship

vercel.com
1 points·by norcalkc·2 years ago·0 comments

Dolphin: Mastering the Art of Automated Droplet Movement

digitalocean.com
1 points·by norcalkc·2 years ago·0 comments

comments

norcalkc
·last year·discuss
Came here to ask this. Two arms? I'll pay.
norcalkc
·last year·discuss
> Allowing an execution environment to also access MCPs, tools, and user data requires careful design to where API keys are stored, and how tools are exposed.

If your tools are calling APIs on-behalf of users, it's better to use OAuth flows to enable users of the app to give explicit consent to the APIs/scopes they want the tools to access. That way, tools use scoped tokens to make calls instead of hard to manage, maintain API keys (or even client credentials).
norcalkc
·last year·discuss
If the apps the AI assistant is trying to connect to support OAuth 2.0, it's easy to setup a social connection (or a custom social connection) with Auth0 (Auth for GenAI). It allows you to connect to hundreds of API services, and configure the granularity of scopes you want to set at a per connection level.

Checkout the step-by-step quickstart [1] if you want to go through calling the Google Calendar API from an AI agent (Vercel AI SDK based in this case). There are also how-tos for other frameworks like LangGraph, GenKit, LlamaIndex, etc. Async authorization is also supported via CIBA (Client-Initiated Backchannel Authentication).

You can also secure remote MCP servers [1] with Auth0.

[0] https://auth0.com/ai/docs/call-others-apis-on-users-behalf [1] https://auth0.com/blog/secure-and-deploy-remote-mcp-servers-...

Disclosure: I work for Auth0.