We are trying to add an internal MCP server as a custom connector to our enterprise account. We are running into a roadblock because our server needs to use SSO to authenticate (we use Entra), and it does not support Dynamic Client Registration. This means we will need a way to specify a manually created client id / secret as part of the custom connector configuration if we want to use it in ChatGPT.
The MCP spec says that dynamic client registration SHOULD be supported, but it’s not a MUST – so it would be nice if we could optionally specify our id/secret when creating a connector. FWIW, Anthropic themselves allow this when adding an mcp server.
You can just create method “/register” on your MCP or use for example Azure API Management and to return client_id of application on which your MCP is registered in Azure Entra.
Second this! I really don’t want to enable DCR. VS Code doesn’t support DCR (or my MCP doesn’t support? But In ChatGPT, my authorization server (Keycloak) supports for DCR…) and prompts the user to enter the client ID, after which they are redirected to the login page. And that works.
But ChatGPT creates a confidential client using DCR, and I really don’t want that.
I use Keycloak as an authorization server and really don’t want ChatGPT to dynamically create clients for me. That makes management more difficult.
What does this look like an execution? All I’m getting from my side is:
{
“detail”: {
“message”: “OAuth failed: invalid_resource - AADSTS500011: The resource principal named [principal name] was not found in the tenant named [tenant name]. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant. Trace ID: trace-id Correlation ID: correlation_id Timestamp: some_timestamp”,
“connector_id”: “connector_xyz”
}
}
