September 3, 2025 | Jeremiah Lowin

FastMCP 2.12: Easy Enterprise Auth

Auth to the races

43 4

We’re excited to announce the release of FastMCP 2.12, a major update that reflects a pivotal moment for the MCP ecosystem. As more developers move their servers from local experiments to production services, the community’s needs have evolved. This release may be our largest and most ambitious yet, designed to provide the production-grade tooling this maturing ecosystem demands.

The scope of this release is a direct result of our growing community. To help steer the project, I’m also thrilled to welcome Bill Easton to the core team as our first external maintainer. Bill’s vision has been instrumental in shaping FastMCP, and this release includes several of his key contributions.

Give us a star on GitHub or check out the updated docs at gofastmcp.com.

Easy OAuth Integrations

The MCP specification requires servers to use OAuth 2.1 with Dynamic Client Registration (DCR), a modern standard where clients can register themselves automatically.1 In FastMCP 2.11, we shipped a fully DCR-compliant solution with our partners at WorkOS, using their excellent AuthKit product.

However, we recognize the reality that many large enterprises rely on identity providers like GitHub, Google, or Azure that do not support DCR (yet?). This leaves a critical gap for teams who needed to integrate MCP with their existing, battle-tested identity infrastructure.

FastMCP 2.12 closes that gap with the new OAuth Proxy interface. The proxy acts as a bridge, allowing your server to present a fully DCR-compliant interface to MCP clients, while seamlessly managing traditional OAuth flows with your non-DCR identity provider.

What was once a complex, multi-hundred-line integration is now a few lines of configuration. The main OAuthProxy is quite configurable, and we’ve also shipped built-in support for the most requested providers:

This means you can add enterprise-grade authentication to your MCP server in seconds, not weeks.

For example, here’s how quickly you can add GitHub authentication to your server (assuming you have a GitHub OAuth app configured):

from fastmcp import FastMCP
from fastmcp.server.auth.providers.github import GitHubProvider


auth_provider = GitHubProvider(
    client_id="your_client_id",
    client_secret="your_client_secret",
    base_url="http://localhost:8000", # your server's URL
)


mcp = FastMCP(name="GitHub Secured MCP", auth=auth_provider)

To learn more, please see the new OAuth Proxy documentation.

We’re especially grateful to the community members who helped us test and refine this feature. It’s rapidly improving as we collect feedback about production environments.

A Blueprint for Deployment

With the launch of FastMCP Cloud, our mission is to make deploying an MCP server as easy as building one. To bring that same simplicity and portability to everyone, we’re introducing a standard way to describe a server deployment: the fastmcp.json file.

This declarative manifest is the single source of truth for your server, defining:

  • Source (WHERE): The location of your server code.
  • Environment (WHAT): Its Python version and dependencies.
  • Deployment (HOW): Its runtime configuration, like transport and port.

For example:

{
  "$schema": "https://gofastmcp.com/public/schemas/fastmcp.json/v1.json",
  "source": {
    "path": "server.py",
    "entrypoint": "mcp"
  },
  "environment": {
    "python": ">=3.10",
    "dependencies": ["pandas", "requests"]
  },
  "deployment": {
    "transport": "http",
    "port": 8000
  }
}

This is the foundation for a future of truly portable MCP servers definitions. While FastMCP Cloud uses a separate manifest today, you can expect it to adopt fastmcp.json in the near future, enabling validated, one-click deployments with all dependencies correctly managed. We also anticipate support for new sources and environments.

Today, you can use fastmcp run fastmcp.json to run your server with all dependencies and your preferred transport from the command line, with no additional configuration required. CLI arguments are respected as configuration overrides.

For full details, please see the server configuration documentation.

Please note: this is a server-side analogue to the popular mcp.json configuration file, not an alternative to it. mcp.json tells an MCP client how to connect to a specific server; fastmcp.json is a declarative deployment configuration for running an MCP server.

Solving MCP’s Chicken-and-Egg Problem

MCP has many advanced features like “sampling”, in which a server can ask the client’s LLM to perform a task. However, these features require support from both servers and clients and consequently face a classic chicken-and-egg problem: server authors won’t implement the feature if clients don’t support it, and vice-versa.

Thanks to a fantastic contribution from our new maintainer, Bill Easton, FastMCP is breaking this cycle. Server authors can now define fallback sampling handlers. If a client doesn’t support sampling, FastMCP uses a server-side completions API to fulfill the request. This lets you build sophisticated tools with advanced MCP features today, knowing they will work for all clients and helping push the entire ecosystem forward.

For more information, please see the new Sampling Fallbacks documentation. FastMCP 2.12 includes an experimental OpenAI sampling handler, with more coming.

All of these features—enterprise-grade auth, declarative deployments, and ecosystem-aware fallbacks—represent FastMCP’s commitment to building a robust, production-ready framework for the entire MCP community.

Happy engineering!

Footnotes

  1. Technically, servers don’t have to support DCR, but then they must provide alternative ways for clients to authenticate that require much more complex configuration or client control. See https://modelcontextprotocol.io/specification/2025-06-18/basic/authorization#dynamic-client-registration for details. ⤴️

Subscribe