Oracle Cloud Infrastructure Documentation

Registering an MCP Client

To connect to an MCP server, the MCP client needs to be registered. Registering an MCP client is important because it securely establishes the client’s identity and OAuth configuration so the MCP server can authenticate and authorize access, manage tokens safely, and associate requests with the correct user and permissions.

For more information, see Overview of Registering Clients.

For default client registration, complete the following steps:

Note

For advanced configurations, see Managing Application Integrations.
  1. In the Model Context Protocol Servers page, select the name of the existing MCP server.
  2. In the specific MCP server page, select the Clients tab.
  3. Click Register Model Context Protocol client.
  4. Enter the following fields:
    • Name: Enter a name for the MCP client.
    • Description: Add a short description.
    • Type: Select the client type that matches where the client will run:
      • Public: For a single-user client running on a desktop or mobile device.These clients cannot safely store secrets and credentials and only act on behalf of the user who is currently signed in..
      • Confidential: For a web application running on a secure server.These clients can store credentials securely and act on behalf of the signed-in user, using client credentials for authentication.
      • Trusted: For a server-side client running on a secure server that is allowed to act on behalf of any user. Trusted clients can store credentials securely and may access user resources without individual user consent.
    • Allowed grant types: Displays the grant types supported for the selected client type. For public registration, you see Authorization code and Refresh Token.
    • Allowed scope: Displays the set of OAuth scopes the MCP client is permitted to request.

      Scopes define which resources and operations an access token can access. The default scope is urn:opc:dbtools:mcpserver:all, which grants access to all primitives (tools, prompts, and resources).

    • Redirect URI: (Applicable only for Public and Confidential) Add the redirect URI used for sign-in and callback.

      A redirect URI is the pre-registered callback URL where IAM sends the user after sign-in so the client can receive the authorization response (such as an authorization code) and complete authentication.