<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>OAuth on Prasham H Trivedi</title><link>https://prashamhtrivedi.in/tags/oauth/</link><description>Recent content in OAuth on Prasham H Trivedi</description><generator>Hugo</generator><language>en</language><lastBuildDate>Thu, 16 Jul 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://prashamhtrivedi.in/tags/oauth/index.xml" rel="self" type="application/rss+xml"/><item><title>The 401 is the map: three OAuth primitives in my private MCP servers</title><link>https://prashamhtrivedi.in/mcp-oauth-primitives/</link><pubDate>Thu, 16 Jul 2026 00:00:00 +0000</pubDate><guid>https://prashamhtrivedi.in/mcp-oauth-primitives/</guid><description>MCP OAuth looks like alphabet soup until you watch one client actually connect. Follow a single connection to my private MCP server, from the first anonymous request to the first authorized tool call, and the whole spec collapses into three primitives that fire exactly once, in order. Plus the three hacks the current libraries forced on me, which no documentation will warn you about.</description></item></channel></rss>