MCPProxy automatically detects and injects the RFC 8707 resource parameter for OAuth providers like Runlayer. This enables zero-configuration OAuth for servers advertising Protected Resource Metadata (RFC 9728).
- MCPProxy sends a preflight HEAD request to the MCP server URL
- If server returns 401 with
WWW-Authenticateheader containingresource_metadataURL, MCPProxy fetches the Protected Resource Metadata - The
resourcefield from metadata is automatically injected into OAuth authorization URL and token requests - If metadata doesn't contain
resource, MCPProxy falls back to using the server URL
{
"mcpServers": [
{
"name": "runlayer-slack",
"url": "https://oauth.runlayer.com/api/v1/proxy/abc123def/mcp",
"protocol": "http",
"enabled": true
// No OAuth config needed! Resource parameter auto-detected from metadata
}
]
}- Manual
extra_params.resourcein config (highest priority - preserves backward compatibility) - Auto-detected resource from RFC 9728 Protected Resource Metadata
- Fallback to server URL if metadata unavailable or lacks resource field
# View auto-detected resource parameter
mcpproxy auth status --server=runlayer-slack
# Check for OAuth issues including resource detection
mcpproxy doctor- OAuth Extra Parameters - Manual OAuth parameter configuration
- OAuth Documentation - Complete OAuth setup guide