GNAP For MCP Authorization
Hiya,
I wrote a blog post in 2021 about Grant Negotiation and Authorization Protocol (GNAP), a next-generation protocol that solves similar problems to OAuth. GNAP was published as a full RFC in 2024 as RFC 9635.
Unlike OAuth 2.1, which rolls up the changes made to OAuth since good old RFC 6749 and RFC 6750 were published in 2012 and presents them in one package for easier implementation, GNAP re-imagines a solution to the secure delegated access problem. GNAP was also designed in a different IETF working group, though with some overlap in membership.
GNAP is different from OAuth 2 in a number of ways, including:
splitting the resource owner role into resource owner and end user
using JSON for interactions rather than form posting
supporting continuing a grant over time
There are more differences listed in Appendix A of the RFC, which offers a nice overview of the protocol differences. GNAP is not widely implemented, however. Here's a list of about ten known implementations from the GNAP working group.
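To make the JSON and continuation points above concrete, here is an added example (not code from this newsletter, from Isaac's project, or from any GNAP implementation) that shows the RFC 9635 message shapes next to the form-encoded OAuth 2.0 token request they replace, and walks a grant through a toy in-memory authorization server: initial request, a "wait" the client must respect, continuation token rotation while the grant is pending, and the access token once the resource owner approves. The host names, the client instance identifier and the "mcp-tools" access type are made up for the illustration; the server logic is a sketch of the flow, not a conforming implementation (real GNAP also binds tokens to client keys, which is omitted here).

```python
"""Toy walk-through of a GNAP grant request and its continuation (RFC 9635
message shapes), next to the form-encoded OAuth 2.0 token request it replaces.
Constructed illustration: field names follow RFC 9635, but the authorization
server logic is an in-memory sketch, not any real implementation's code."""
import secrets
from urllib.parse import urlencode


def oauth_token_request_body(code: str, redirect_uri: str, client_id: str) -> str:
    """OAuth 2.0 (RFC 6749) token request: application/x-www-form-urlencoded."""
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
    })


def gnap_grant_request(resource_uri: str, finish_uri: str, client_instance: str) -> dict:
    """GNAP grant request (RFC 9635 section 2): a JSON document, not a form.
    The access type "mcp-tools" is an invented placeholder for this example."""
    return {
        "access_token": {
            "access": [{"type": "mcp-tools", "actions": ["read"], "locations": [resource_uri]}]
        },
        "client": client_instance,  # instance identifier pre-registered with the AS
        "interact": {
            "start": ["redirect"],
            "finish": {"method": "redirect", "uri": finish_uri,
                       "nonce": secrets.token_urlsafe(16)},
        },
    }


class GrantServer:
    """In-memory authorization server that keeps a grant alive across calls."""

    def __init__(self, wait_seconds: int = 5):
        self.grants = {}            # continuation token -> grant record
        self.wait = wait_seconds

    def _continue(self, token: str, grant_id: str, wait: int) -> dict:
        return {"continue": {"access_token": {"value": token},
                             "uri": f"https://as.example/continue/{grant_id}",
                             "wait": wait}}

    def handle_grant_request(self, req: dict, now: float) -> dict:
        # Reject structurally invalid requests before allocating any state.
        if "access_token" not in req or "client" not in req:
            return {"error": {"code": "invalid_request"}}
        token = secrets.token_urlsafe(32)
        grant_id = secrets.token_urlsafe(8)
        self.grants[token] = {"id": grant_id, "request": req,
                              "approved": False, "not_before": now + self.wait}
        # No access token yet: the client must interact, then continue the grant.
        resp = self._continue(token, grant_id, self.wait)
        resp["interact"] = {"redirect": f"https://as.example/interact/{grant_id}"}
        return resp

    def approve(self, grant_id: str) -> bool:
        """Resource owner approval, modelled as an out-of-band event."""
        for rec in self.grants.values():
            if rec["id"] == grant_id:
                rec["approved"] = True
                return True
        return False

    def handle_continue(self, authorization_header: str, now: float) -> dict:
        # Continuation calls carry the token as "Authorization: GNAP <token>".
        scheme, _, token = authorization_header.partition(" ")
        rec = self.grants.get(token) if scheme == "GNAP" else None
        if rec is None:
            return {"error": {"code": "invalid_continuation"}}
        if now < rec["not_before"]:
            # Client ignored "wait"; the token stays valid for a later retry.
            return {"error": {"code": "too_fast"}}
        del self.grants[token]      # every continuation token is single-use here
        if not rec["approved"]:
            # Still pending: rotate the continuation token and push out the wait.
            new_token = secrets.token_urlsafe(32)
            rec["not_before"] = now + self.wait
            self.grants[new_token] = rec
            return self._continue(new_token, rec["id"], self.wait)
        # Approved: issue an access token scoped to the originally requested access.
        return {"access_token": {"value": secrets.token_urlsafe(32),
                                 "access": rec["request"]["access_token"]["access"]}}


if __name__ == "__main__":
    srv = GrantServer()
    req = gnap_grant_request("https://mcp.example/tools", "https://client.example/cb", "client-123")
    print(srv.handle_grant_request(req, now=0.0))
```

The point to notice is that the grant is a long-lived object on the server side: the client keeps returning to the `continue.uri` with the continuation token, and the server can rotate that token, tell the client to slow down, or finally hand over the access token, all without a second authorization round trip. That is the "continuing a grant over time" property that OAuth's one-shot token endpoint does not give you.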
GNAP came up recently during a discussion about model context protocol (MCP). I was intrigued to see a sample implementation from a former colleague, Isaac. He is using GNAP as an authorization protocol for an MCP server he is working on. This project is open source, with a GPL v3 license (contrary to the README). The project was also mentioned in a discussion about the correct way for MCP clients and servers to interact.
Isaac is not alone in thinking GNAP could be useful for MCP. Justin Richer, one of the RFC authors, wrote about using GNAP for an agent authentication scenario.
I’m not sure how quickly the clients using MCP, like Claude Desktop, will evolve to handle new protocols, but it’s pretty cool to see real-world implementations of GNAP.
Cheers,
Dan
PS I also interviewed Justin for CIAM Weekly last year if you want more of his thoughts.