Calling all AI enthusiasts! If you’ve been following our MCP development, this one is for you..
We’re excited to announce that the Exasol Model Context Protocol (MCP) Server now supports OAuth2 and OpenID Connect (OIDC) for secure, modern authentication and authorization.
The MCP server can now authenticate users and service accounts using OAuth2 tokens or OpenID Connect flows, rather than static credentials.This update enables seamless integration with your existing identity providers (IdPs) — such as Okta, Azure AD, Google, or any OIDC-compliant provider — giving you greater flexibility and centralized access control across your MCP environment.
- Check our our OpenID Setup Guide › to test it for yourself!
Choose the mode that best fits your needs:
-
Username/Password – still supported for local and testing environments.
-
OAuth2 / OIDC Tokens – recommended for production and multi-user deployments.
Impersonation and passthrough
-
Token passthrough: Under certain conditions, the access token can be extracted from the MCP Authentication context and used to open the database connection on behalf of the user calling an MCP tool.
-
Impersonation: If the users are not identified by access tokens in the database, but their names can be made visible through a claim, it is possible to make the connection using a separate MCP Server credentials, with subsequent impersonation of the user.
-
Check out our Database Connection Setup Guide › to determine which method is most appropriate
As always - feedback is welcome! Please test drive our MCP server and share your experience as we continue to iterate and improve our product!
Happy querying!