Authentication & Authorization

FrontMCP implements a flexible three-tier authentication system. Choose the right level for each deployment scenario — from open development servers to production multi-tenant systems.

Mode	How It Works	Best For
Public	No auth required, anonymous sessions	Development, testing, public APIs
Transparent	Pass-through tokens from external IdPs	Existing Auth0, Okta, Azure AD setups
Orchestrated	Full OAuth 2.1 server (local or remote)	Multi-app, federated auth, progressive auth

Auth Overview

Complete authentication guide

Auth Modes

Deep dive into all three modes

Progressive Auth

On-demand scope elevation

CIMD

Multi-account disambiguation

Local OAuth

Built-in OAuth 2.1 server

Remote OAuth

External IdP integration

Multi-App Composition

Deployment Targets

Get Started

FrontMCP

Features

Extensibility

Testing

Guides