HackerTrans
トップ新着トレンドコメント過去質問紹介求人

norcalkc

no profile record

投稿

Underwater RF Communication at 700M Using Magnetoelectric Antennas

arxiv.org
5 ポイント·投稿者 norcalkc·先月·1 コメント

The Tinker Pledge

tinkerpledge.org
5 ポイント·投稿者 norcalkc·先月·1 コメント

What It Takes to Send Pixels

arewecooked.dev
3 ポイント·投稿者 norcalkc·6 か月前·0 コメント

Test your MCP Server for spec compliance, security, and agent-friendliness

mcpscan.dev
2 ポイント·投稿者 norcalkc·6 か月前·0 コメント

aileaks.dev - Community driven database of AI related security incidents

aileaks.dev
11 ポイント·投稿者 norcalkc·昨年·0 コメント

Vercel Ship

vercel.com
1 ポイント·投稿者 norcalkc·2 年前·0 コメント

Dolphin: Mastering the Art of Automated Droplet Movement

digitalocean.com
1 ポイント·投稿者 norcalkc·2 年前·0 コメント

コメント

norcalkc
·昨年·議論
Came here to ask this. Two arms? I'll pay.
norcalkc
·昨年·議論
> Allowing an execution environment to also access MCPs, tools, and user data requires careful design to where API keys are stored, and how tools are exposed.

If your tools are calling APIs on-behalf of users, it's better to use OAuth flows to enable users of the app to give explicit consent to the APIs/scopes they want the tools to access. That way, tools use scoped tokens to make calls instead of hard to manage, maintain API keys (or even client credentials).
norcalkc
·昨年·議論
If the apps the AI assistant is trying to connect to support OAuth 2.0, it's easy to setup a social connection (or a custom social connection) with Auth0 (Auth for GenAI). It allows you to connect to hundreds of API services, and configure the granularity of scopes you want to set at a per connection level.

Checkout the step-by-step quickstart [1] if you want to go through calling the Google Calendar API from an AI agent (Vercel AI SDK based in this case). There are also how-tos for other frameworks like LangGraph, GenKit, LlamaIndex, etc. Async authorization is also supported via CIBA (Client-Initiated Backchannel Authentication).

You can also secure remote MCP servers [1] with Auth0.

[0] https://auth0.com/ai/docs/call-others-apis-on-users-behalf [1] https://auth0.com/blog/secure-and-deploy-remote-mcp-servers-...

Disclosure: I work for Auth0.