Securing an MCP Server with OAuth 2.1 and Keycloak: How Engram Moved from Bearer Tokens to a Real Resource Server
Most MCP servers ship with a static bearer token. It’s one line in .mcp.json, it works on day one, and it’s the wrong answer the moment your server is anything other than a personal dev tool. Engram, the semantic memory layer behind my AI-native development workflow, started there too. A shared bearer header in .mcp.json, […]