[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"sanity-_F8TsHJ0okpu5HBpFjx1_JqHN34PfQ4htERoebtZhqc":3},{"data":4,"sourceMap":-1},{"info":5,"latest":21},{"_createdAt":6,"_id":7,"_rev":8,"_type":9,"_updatedAt":10,"avatar":11,"bio":16,"employee":17,"name":18,"slug":19},"2023-05-23T16:27:18Z","wp-author-cap-19861","dgl3SCUzppW3U2LvCoP6c0","blogAuthor","2023-06-20T15:05:12Z",{"_type":12,"asset":13},"image",{"_ref":14,"_type":15},"image-74ae88d47c8e7027aa12bdc96461f800ccf7828a-350x350-jpg","reference","Dan Moore is the head of developer relations at FusionAuth. Dan helps developers leverage FusionAuth for their applications, educates developers about OAuth and authentication, and supports the FusionAuth developer community. Dan has been coding for over 20 years and has been a CTO, engineering manager, contractor, technical trainer, and software engineer. Dan has also been a speaker at numerous tech conferences and meetups. Dan is a published author of two books and a contributor on a third: “Developing Cross Platform Mobile Applications with Cordova CLI”, “Letters to a New Developer”, and “97 Things Every Cloud Engineer Should Know”.  Outside of work he enjoys gardening, camping and backpacking. ","none","Dan Moore",{"current":20},"dan-moore",[22,65,107,136],{"_id":23,"author":24,"commentCount":30,"comments":31,"excerpt":32,"featureTag":28,"image":33,"publishedAt":37,"slug":38,"sponsored":28,"tags":41,"title":64},"9ca28259-0129-4b80-81a3-bca2d12dab0c",[25],{"_id":7,"avatar":26,"name":18,"role":28,"slug":29},{"_type":12,"asset":27},{"_ref":14,"_type":15},null,{"current":20},2,true,"Learn how to protect MCP servers from unauthorized access and how authentication of MCP clients to MCP servers works.",{"_type":12,"asset":34,"attribution":36},{"_ref":35,"_type":15},"image-d58aa70297f6b0073c30d4cc86d239114b86a423-12000x6300-jpg","Alexandra Francis","2026-01-21T10:00:00.000-05:00",{"_type":39,"current":40},"slug","is-that-allowed-authentication-and-authorization-in-model-context-protocol",[42,49,56,60],{"_createdAt":43,"_id":44,"_rev":45,"_type":46,"_updatedAt":43,"slug":47,"title":48},"2023-05-23T16:43:21Z","wp-tagcat-authorization","9HpbCsT2tq0xwozQfkc4ih","blogTag",{"current":48},"authorization",{"_createdAt":43,"_id":50,"_rev":51,"_type":46,"_updatedAt":52,"slug":53,"title":55},"wp-tagcat-ai","fpDTFQqIDjNJIbHDKPBGpV","2025-01-30T16:19:01Z",{"current":54},"ai","AI",{"_createdAt":43,"_id":57,"_rev":45,"_type":46,"_updatedAt":43,"slug":58,"title":59},"wp-tagcat-se-tech",{"current":59},"se-tech",{"_createdAt":43,"_id":61,"_rev":45,"_type":46,"_updatedAt":43,"slug":62,"title":63},"wp-tagcat-se-stackoverflow",{"current":63},"se-stackoverflow","Is that allowed? Authentication and authorization in Model Context Protocol",{"_id":66,"author":67,"commentCount":72,"comments":31,"excerpt":73,"featureTag":28,"image":74,"publishedAt":77,"slug":78,"sponsored":28,"tags":80,"title":106},"wp-post-19921",[68],{"_id":7,"avatar":69,"name":18,"role":28,"slug":71},{"_type":12,"asset":70},{"_ref":14,"_type":15},{"current":20},12,"OAuth2 is one of the most popular specifications for API authentication today, though wrapping your head around it can be a challenge. ",{"_type":12,"asset":75},{"_ref":76,"_type":15},"image-a1349e4f6b8193bcbc7034de176bd4cae9c4f370-2400x1260-jpg","2022-12-22T14:00:00.000Z",{"current":79},"the-complete-guide-to-protecting-your-apis-with-oauth2",[81,85,87,92,97,102],{"_createdAt":43,"_id":82,"_rev":45,"_type":46,"_updatedAt":43,"slug":83,"title":84},"wp-tagcat-authentication",{"current":84},"authentication",{"_createdAt":43,"_id":44,"_rev":45,"_type":46,"_updatedAt":43,"slug":86,"title":48},{"current":48},{"_createdAt":43,"_id":88,"_rev":45,"_type":46,"_updatedAt":43,"slug":89,"title":91},"wp-tagcat-code-for-a-living",{"current":90},"code-for-a-living","Code for a Living",{"_createdAt":43,"_id":93,"_rev":45,"_type":46,"_updatedAt":43,"slug":94,"title":96},"wp-tagcat-oauth2",{"current":95},"oauth2","OAuth2",{"_createdAt":43,"_id":98,"_rev":45,"_type":46,"_updatedAt":43,"slug":99,"title":101},"wp-tagcat-rest-api",{"current":100},"rest-api","rest api",{"_createdAt":43,"_id":103,"_rev":45,"_type":46,"_updatedAt":43,"slug":104,"title":105},"wp-tagcat-security",{"current":105},"security","The complete guide to protecting your APIs with OAuth2 (part 1)",{"_id":108,"author":109,"commentCount":30,"comments":31,"excerpt":114,"featureTag":28,"image":115,"publishedAt":118,"slug":119,"sponsored":28,"tags":121,"title":135},"wp-post-21154",[110],{"_id":7,"avatar":111,"name":18,"role":28,"slug":113},{"_type":12,"asset":112},{"_ref":14,"_type":15},{"current":20},"Prompting for a username and password is so 2005. Today, you can just prompt for a fingerprint. ",{"_type":12,"asset":116},{"_ref":117,"_type":15},"image-68f755796b9a7d63db6cb0b4a88a098c389ed567-2560x1344-jpg","2022-11-16T15:00:00.000Z",{"current":120},"biometric-authentication-for-web-devs",[122,124,128,130],{"_createdAt":43,"_id":82,"_rev":45,"_type":46,"_updatedAt":43,"slug":123,"title":84},{"current":84},{"_createdAt":43,"_id":125,"_rev":45,"_type":46,"_updatedAt":43,"slug":126,"title":127},"wp-tagcat-biometrics",{"current":127},"biometrics",{"_createdAt":43,"_id":88,"_rev":45,"_type":46,"_updatedAt":43,"slug":129,"title":91},{"current":90},{"_createdAt":43,"_id":131,"_rev":45,"_type":46,"_updatedAt":43,"slug":132,"title":134},"wp-tagcat-web-development",{"current":133},"web-development","web development","You can add biometric authentication to your webpage. Here's how.",{"_id":137,"author":138,"commentCount":143,"comments":31,"excerpt":144,"featureTag":28,"image":145,"publishedAt":148,"slug":149,"sponsored":28,"tags":151,"title":165},"wp-post-19945",[139],{"_id":7,"avatar":140,"name":18,"role":28,"slug":142},{"_type":12,"asset":141},{"_ref":14,"_type":15},{"current":20},3,"",{"_type":12,"asset":146},{"_ref":147,"_type":15},"image-223a23106216b957281b27f58063f4df5d16a780-2400x1260-jpg","2022-04-14T14:00:00.000Z",{"current":150},"the-authorization-code-grant-in-excruciating-detail",[152,157,159,161,163],{"_createdAt":43,"_id":153,"_rev":45,"_type":46,"_updatedAt":43,"slug":154,"title":156},"wp-tagcat-api",{"current":155},"api","API",{"_createdAt":43,"_id":82,"_rev":45,"_type":46,"_updatedAt":43,"slug":158,"title":84},{"current":84},{"_createdAt":43,"_id":44,"_rev":45,"_type":46,"_updatedAt":43,"slug":160,"title":48},{"current":48},{"_createdAt":43,"_id":88,"_rev":45,"_type":46,"_updatedAt":43,"slug":162,"title":91},{"current":90},{"_createdAt":43,"_id":93,"_rev":45,"_type":46,"_updatedAt":43,"slug":164,"title":96},{"current":95},"The Authorization Code grant (in excruciating detail) Part 2 of 2"]