How MCP Affects OpenAI Plugin Authentication: A Technical Deep Dive
The Model Context Protocol (MCP) eliminates bespoke OAuth implementations by centralizing token exchange, automatic refresh, and secure credential injection across the OpenAI plugins ecosystem.
The Model Context Protocol (MCP) changes how OpenAI plugins authenticate to third-party services. Because MCP standardizes authorization on OAuth, skills in the openai/plugins repository can delegate token acquisition and management to an MCP client instead of implementing their own authentication logic. This removes duplicated auth code from individual skills and gives third-party API integrations one consistent pattern to review.
Unified Token Handling via MCP Clients
An MCP client that implements the protocol's OAuth authorization performs the "authorization code" exchange and attaches the resulting bearer token to every tool call it makes. According to the Vercel skill in plugins/vercel/skills/vercel-api/SKILL.md, the @ai-sdk/mcp client obtains OAuth tokens for the user's account and attaches them to the MCP-exposed tools it subsequently calls, such as get_runtime_logs, without additional plugin code.
Automatic OAuth Flow Management
The createMCPClient function from @ai-sdk/mcp hides the grant flow from the skill. The skill declares the OAuth scopes it needs, such as read:deployments or read:logs, in its inputSchema; the client completes the handshake and the skill only sees callable tools. As described in plugins/vercel/skills/ai-sdk/SKILL.md, this lets an agent request operations like listing Vercel deployments while the MCP layer handles authentication. One practical check: the scopes a skill declares are the ceiling of what a compromised agent session can do with the resulting token, so keep the list to what the skill's tools actually need.
import { createMCPClient } from "@ai-sdk/mcp";
// createMCPClient needs a transport; for a remote server that is its HTTP endpoint.
// The URL is a placeholder for the Vercel MCP server (assumed here, not taken from the skill).
const mcpClient = await createMCPClient({
  transport: { type: "http", url: "https://mcp.vercel.com" },
});
// OAuth scopes (read:deployments, read:logs) are declared in the skill's inputSchema,
// not passed to createMCPClient; the client's OAuth handling attaches the resulting token.
// tools() returns the tools the server advertises, e.g. list_projects and get_runtime_logs,
// each callable (or passable to generateText) with the bearer token added automatically.
const tools = await mcpClient.tools();
console.log("MCP tools available:", Object.keys(tools));
await mcpClient.close();
Token Refresh and Lifecycle
Token refresh and lifecycle management move out of the skill and into the client. The Vercel skill documentation states that "OAuth authentication for remote MCP servers is handled automatically," so a plugin implements neither refresh logic nor token storage; the client keeps a valid credential available for each authenticated tool call. Two caveats for reviewers: the documentation promises automatic handling, not specific policies, so refresh token rotation and revocation are whatever the authorization server (here, Vercel's) enforces; and the client still holds the access and refresh tokens on the host it runs on, which is where their storage and exposure have to be assessed.
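To make the delegated lifecycle concrete, the following added example (not code from openai/plugins or @ai-sdk/mcp) models in plain TypeScript what an MCP client has to do on a skill's behalf: check expiry with a safety margin, refresh through a token endpoint, keep only the newest refresh token when the server rotates it, verify that the granted scopes cover what the skill declared, and inject the bearer token into an MCP tools/call request. The type names, the fake token endpoint and the fixed clock are constructed for the demo; only the JSON-RPC body and Authorization header are modeled, not the transport.

```typescript
// Added example; not code from openai/plugins or @ai-sdk/mcp. Models the token
// lifecycle an MCP client owns once a skill delegates OAuth to it. Type names,
// the fake token endpoint and the clock are constructed for the demo.

interface TokenSet {
  accessToken: string;
  refreshToken: string;
  expiresAt: number; // Unix seconds after which accessToken is no longer valid
  scope: string[];   // scopes the authorization server actually granted
}

// Fields of an OAuth token endpoint response that matter here (RFC 6749 section 5.1).
interface RefreshResponse {
  access_token: string;
  refresh_token?: string; // set when the authorization server rotates refresh tokens
  expires_in: number;
  scope?: string;         // space-delimited; omitted means "same as before"
}

type RefreshFn = (refreshToken: string) => RefreshResponse;

// Refresh this many seconds early so a long tool call does not race the expiry.
const EXPIRY_SKEW_SECONDS = 60;

class ManagedToken {
  private tokens: TokenSet;
  private refreshCount = 0;

  constructor(initial: TokenSet, private readonly refresh: RefreshFn, private readonly now: () => number) {
    this.tokens = { ...initial, scope: [...initial.scope] };
  }

  // Scopes the skill declared but the server did not grant; a non-empty result
  // should fail the skill early instead of producing 403s mid-task.
  missingScopes(required: string[]): string[] {
    const granted = new Set(this.tokens.scope);
    return required.filter((s) => !granted.has(s));
  }

  private isExpiringSoon(): boolean {
    return this.now() + EXPIRY_SKEW_SECONDS >= this.tokens.expiresAt;
  }

  // Returns an Authorization header value, refreshing first when needed.
  authorizationHeader(): string {
    if (this.isExpiringSoon()) {
      const res = this.refresh(this.tokens.refreshToken);
      this.refreshCount += 1;
      this.tokens = {
        accessToken: res.access_token,
        // Rotation: keep only the newest refresh token; the old one is spent.
        refreshToken: res.refresh_token ?? this.tokens.refreshToken,
        expiresAt: this.now() + res.expires_in,
        scope: res.scope ? res.scope.split(" ").filter(Boolean) : this.tokens.scope,
      };
    }
    return `Bearer ${this.tokens.accessToken}`;
  }

  refreshes(): number { return this.refreshCount; }
  currentRefreshToken(): string { return this.tokens.refreshToken; }
}

// The client, not the skill, injects the bearer token into the MCP tools/call request.
function buildToolCall(token: ManagedToken, name: string, args: Record<string, unknown>, id: number) {
  return {
    headers: { Authorization: token.authorizationHeader(), "Content-Type": "application/json" },
    body: { jsonrpc: "2.0", id, method: "tools/call", params: { name, arguments: args } },
  };
}

// Constructed scenario: the stored access token has 30 s left, so the first call
// must refresh; the fake token endpoint rotates the refresh token and widens scope.
function lifecycleDemo() {
  const clock = 1000000;
  const fakeTokenEndpoint: RefreshFn = (rt) => ({
    access_token: `at-after-${rt}`,
    refresh_token: `${rt}-rotated`,
    expires_in: 3600,
    scope: "read:deployments read:logs",
  });
  const token = new ManagedToken(
    { accessToken: "at-0", refreshToken: "rt-0", expiresAt: clock + 30, scope: ["read:deployments"] },
    fakeTokenEndpoint,
    () => clock,
  );
  const required = ["read:deployments", "read:logs"];
  const missingBefore = token.missingScopes(required);
  const first = buildToolCall(token, "get_runtime_logs", { deploymentId: "dpl_example" }, 1);
  const second = buildToolCall(token, "list_projects", {}, 2);
  return {
    missingBefore,
    missingAfter: token.missingScopes(required),
    first,
    second,
    refreshes: token.refreshes(),
    refreshToken: token.currentRefreshToken(),
  };
}

console.log(JSON.stringify(lifecycleDemo(), null, 2));
```

Running it shows one refresh on the first call, the same token reused on the second, and the rotated refresh token replacing the original; the scope check fails before the refresh and passes after it. In a real client the refresh call is asynchronous and the token set lives in whatever storage the client uses, which is the piece a reviewer should locate.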
Discovery-First Authentication Architecture
Before falling back to raw REST calls, an MCP-enabled skill first asks the MCP server which tools it exposes (the tools/list request in MCP). If the server advertises the operation, the skill routes the call through the MCP client and inherits its authentication; otherwise it uses an alternative strategy such as a CLI-minted token or a direct API call.
MCP Server Advertisement
When an MCP server exposes OAuth-protected tools such as list_projects, the skill does not build the HTTP request or manage the token itself. This discovery step, described in plugins/vercel/skills/vercel-api/SKILL.md, removes duplicated code because the client learns both the available tools and the server's authorization requirements at connect time instead of having them hard-coded per skill.
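The discovery-first routing described above, as an added example in plain TypeScript (not code from openai/plugins or any MCP SDK): the client builds the tools/list request, validates the server's JSON-RPC reply, and routes an operation through MCP only when a matching tool is advertised, falling back to a REST strategy it knows and refusing anything else. The JSON-RPC shapes follow MCP's conventions; the sample server reply, the tool names and the REST_FALLBACK table are constructed for the demo.

```typescript
// Added example; not code from openai/plugins or any MCP SDK. Models the
// discovery step: build tools/list, validate the reply, route the operation.
// The sample reply, tool names and REST fallback table are constructed.

interface JsonRpcRequest {
  jsonrpc: "2.0";
  id: number;
  method: string;
  params?: Record<string, unknown>;
}

interface McpTool {
  name: string;
  description?: string;
  inputSchema: Record<string, unknown>;
}

interface JsonRpcResponse {
  jsonrpc: "2.0";
  id: number;
  result?: { tools: McpTool[]; nextCursor?: string };
  error?: { code: number; message: string };
}

type Route =
  | { via: "mcp"; tool: string }
  | { via: "rest"; method: "GET" | "POST"; path: string }
  | { via: "unavailable"; reason: string };

// Hypothetical table of operations a skill can still perform without MCP.
const REST_FALLBACK: Record<string, { method: "GET" | "POST"; path: string }> = {
  list_products: { method: "GET", path: "/stores/v1/products" },
};

// Client -> server: ask which tools are exposed (pass cursor to page through nextCursor).
function toolsListRequest(id: number, cursor?: string): JsonRpcRequest {
  return { jsonrpc: "2.0", id, method: "tools/list", params: cursor ? { cursor } : {} };
}

// Server -> client: parse the reply defensively. A reply for a different id or a
// JSON-RPC error must not be treated as "no tools", because that would silently
// route everything to the less-governed fallback path.
function advertisedTools(response: JsonRpcResponse, expectedId: number): Map<string, McpTool> {
  if (response.jsonrpc !== "2.0" || response.id !== expectedId) {
    throw new Error(`unexpected tools/list reply (id ${response.id}, wanted ${expectedId})`);
  }
  if (response.error) {
    throw new Error(`tools/list failed: ${response.error.code} ${response.error.message}`);
  }
  const tools = new Map<string, McpTool>();
  for (const tool of response.result?.tools ?? []) {
    if (typeof tool.name === "string" && tool.name.length > 0) tools.set(tool.name, tool);
  }
  return tools;
}

// Discovery-first routing: MCP if advertised, REST fallback if known, otherwise refuse.
function routeOperation(tools: Map<string, McpTool>, operation: string): Route {
  if (tools.has(operation)) return { via: "mcp", tool: operation };
  const rest = REST_FALLBACK[operation];
  if (rest) return { via: "rest", ...rest };
  return { via: "unavailable", reason: `no MCP tool or REST fallback for ${operation}` };
}

// Constructed server reply, shaped like a tools/list result from an OAuth-protected server.
const sampleToolsListReply: JsonRpcResponse = {
  jsonrpc: "2.0",
  id: 1,
  result: {
    tools: [
      { name: "list_projects", description: "List projects", inputSchema: { type: "object", properties: {} } },
      {
        name: "get_runtime_logs",
        inputSchema: { type: "object", properties: { deploymentId: { type: "string" } }, required: ["deploymentId"] },
      },
    ],
  },
};

function discoveryDemo(): Record<string, Route> {
  const request = toolsListRequest(1);
  const tools = advertisedTools(sampleToolsListReply, request.id);
  return {
    list_projects: routeOperation(tools, "list_projects"),
    list_products: routeOperation(tools, "list_products"),
    delete_project: routeOperation(tools, "delete_project"),
  };
}

console.log(JSON.stringify(discoveryDemo(), null, 2));
```

The point of the strict reply check is that discovery decides which credential path an operation takes: a forged or stale reply that hides a tool would push the skill onto the fallback path, so the client should fail loudly rather than downgrade.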
Fallback Strategies for Non-MCP Services
Not all services utilize MCP, requiring skills to implement alternative authentication patterns. The Wix Headless skill in plugins/wix/skills/wix-headless/references/shared/AUTHENTICATION.md explicitly states "no MCP" for API calls, instead minting site-scoped tokens via the @wix/cli utility. This contrast highlights MCP's optional but preferred role in the authentication ecosystem.
# Mint a site-scoped token via the Wix CLI
set -euo pipefail
: "${SITE_ID:?set SITE_ID to the Wix site ID}"
siteToken=$(npx @wix/cli@latest token --site "$SITE_ID")
[ -n "$siteToken" ] || { echo "token minting failed" >&2; exit 1; }
# Use the token with curl (no MCP involved); --fail surfaces a 401/403 as an error instead of an HTML body
curl --fail -sS -H "Authorization: Bearer $siteToken" \
  "https://www.wixapis.com/stores/v1/products"
Security Benefits of MCP Centralization
Centralizing OAuth in the MCP client gives every skill the same controls without plugin-specific implementations: scopes are requested once and enforced by the authorization server, token refresh (including refresh token rotation, where the server uses it) happens in one place, and revoking a user's grant at the provider cuts off every skill that relied on it. The Vercel implementation's automatic handling of authentication is the concrete case on this page. Note that MCP supplies the standard OAuth flow and the client that runs it; which rotation and revocation policies apply is decided by the authorization server, so confirm them with the provider rather than assuming them from the protocol.
Summary
- Centralized OAuth Management: MCP clients in openai/plugins handle the complete authorization code exchange, eliminating bespoke auth code in individual skills.
- Automatic Token Injection: Clients created with createMCPClient attach bearer tokens to calls such as get_runtime_logs and list_projects.
- Discovery-Based Routing: Skills query MCP servers first, falling back to CLI tokens or direct API calls only when MCP is unavailable, as shown in the Wix Headless implementation.
- Built-in Security: Token rotation, refresh cycles, and revocation are managed centrally by the MCP layer, not by individual plugin implementations.
Frequently Asked Questions
How does MCP handle OAuth token refresh in OpenAI plugins?
The MCP client, not the plugin, manages token refresh. The Vercel skill documentation in plugins/vercel/skills/vercel-api/SKILL.md states that OAuth authentication for remote MCP servers is handled automatically, so expired tokens are refreshed by the client transparently and the skill's tool calls continue to carry a valid credential without any refresh logic in the skill.
Can OpenAI plugins use MCP for some services but not others?
Yes, plugins implement conditional authentication based on MCP availability. The Wix Headless skill in plugins/wix/skills/wix-headless/references/shared/AUTHENTICATION.md demonstrates this by using CLI-minted tokens when MCP is unavailable, while Vercel skills utilize createMCPClient for MCP-enabled endpoints.
What specific OAuth scopes does MCP support for plugin authentication?
OAuth scopes are declared in the skill's inputSchema when initializing the MCP client. The Vercel implementation uses scopes like read:deployments and read:logs, which the MCP client requests during the authorization handshake before exposing tools such as list_projects.
Is custom token storage required when using MCP in OpenAI plugins?
No, custom token storage is unnecessary. The MCP client handles secure credential storage and injection automatically. As noted in the Vercel AI SDK skill (plugins/vercel/skills/ai-sdk/SKILL.md), the createMCPClient manages the entire token lifecycle, removing the need for plugins to implement secure vaults or caching mechanisms.