What is the roadmap for OAuth 2.1 support?

[vvvlad]

Hi,
Would really like to get some explanation about the plans on OAuth 2.1 support,roadmap and the way it will work.

Given a existing mcp server that implements oauth (forwarding the user to authentication server and using a callback), how would this work with mcp forge and virtual server?

Would really appreciate some explanation about this.

Thanks!

p.s. Previous question about oauth referes to some other aspect and was not answered anyhow.

Authorization Flow Steps:

[crivetimihai]

Hi, this is detailed in our roadmap: https://ibm.github.io/mcp-context-forge/architecture/roadmap/ with features to support end-to-end OAuth 2.1 part of 0.5.0, 0.6.0, and 0.7.0 - though it will likely take another release or two to fully mature. Feel free to comment on the proposed implementation described in the various tickets:

Release 0.5.0 (Due: August 5, 2025)

Enterprise Authentication Features:

• #220 - Authentication & Authorization - SSO + Identity-Provider Integration
• #277 - Authentication & Authorization - GitHub SSO Integration Tutorial (Depends on [AUTH FEATURE]: Authentication & Authorization - SSO + Identity-Provider Integration #220)
• #278 - Authentication & Authorization - Google SSO Integration Tutorial (Depends on [AUTH FEATURE]: Authentication & Authorization - SSO + Identity-Provider Integration #220)
• #284 - LDAP / Active-Directory Integration
• #87 - Epic: JWT Token Catalog with Per-User Expiry and Revocation

Release 0.6.0 (Due: August 19, 2025)

API Authentication:

• #282 - Per-Virtual-Server API Keys with Scoped Access
• #208 - HTTP Header Passthrough (Critical for passing auth tokens/headers)

Release 0.7.0 (Due: September 2, 2025)

Access Control:

• #283 - Role-Based Access Control (RBAC) - User/Team/Global Scopes for full multi-tenancy support