Skip to content

OAuth and revocation

betaplatform · hosted-mcp@workspace-runtime-v1

The MCP client discovers Sift’s authorization endpoints, opens browser consent, and receives a scoped grant. The docs origin never receives the token. Consent identifies the workspace and requested capabilities; cancel if either is unexpected.

Revoke from the client or Sift connection controls, then reload the client’s tools. Logout/revocation invalidates future access but does not erase already-audited actions. Use local CLI credentials only for the local fallback and never copy them into a remote MCP JSON file.