22. Authorization for remote MCP
Protect remote servers with OAuth-based discovery, authorization-server metadata, protected-resource metadata, PKCE, resource indicators, scopes, and token validation. Distinguish MCP authorization from authentication inside the underlying business system.