
Spring Office Hours: S4E28 - Securing MCP Servers with Spring AI
Oct 24, 2025

Join Spring Security expert Daniel Garnier-Moiroux as he unpacks the world of MCP server security. With a focus on OAuth2 and API key integrations, he emphasizes the importance of secure public MCP servers to protect sensitive data. Daniel discusses the evolution of the MCP specification around security, best practices for implementing authorization, and the role of tools like the MCP Inspector for testing OAuth flows. Whether you're building enterprise applications or exploring new projects, Daniel's insights are crucial for a secure Spring AI ecosystem.
AI Snips
MCP Gives LLMs Context And Actions
- MCP provides model-agnostic context and lets LLMs interact with external systems to avoid hallucinations.
- It enables tools that both retrieve information and take actions like editing files or calling APIs.
MCP Is Rapidly Becoming A Core AI Protocol
- MCP adoption exploded quickly and resembles a unifying protocol for AI tooling.
- It may become as foundational to AI as HTTP was to the internet, though standards are still evolving.
Choose Streamable Or Stateless Transport Deliberately
- Use streamable HTTP when you need ongoing two-way interactions like forms, sampling, or progress updates.
- Use stateless POST responses for simple request/response flows to avoid session complexity.

