ToolHive is a solution that helps control who can call what in MCP servers. It separates authentication from authorization and uses Amazon's Cedar policy language to define access rules. Authentication verifies identity, while authorization determines what that identity is allowed to do. ToolHive treats these as two distinct steps, first authenticating the caller and then checking what they can access.

The system uses OpenID Connect to handle authentication and applies its own permission rules for MCP actions. By separating authentication and authorization, ToolHive can rely on well-proven identity systems and avoid conflating identity with access control.

The authorization framework is built on Amazon's Cedar policy language and is designed as a layer on top of the base MCP server. Once an MCP server is launched with ToolHive's authorization enabled, every client request goes through an authorization check before reaching the server logic. The process involves authenticating the client, extracting request information, evaluating the policies, and allowing or denying the request based on the policy rules. ToolHive acts as a policy enforcement point in front of the MCP server, blocking unauthorized tool invocations and reducing the risk of malicious requests.

The Cedar policy language is flexible and expressive, supporting both role-based and attribute-based rules, and allowing for fine-grained access control.
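The four-step check described above, as an added Python sketch; it is not ToolHive's code and does not use the Cedar engine. It models Cedar's decision rule (deny by default, an explicit forbid overrides any permit) with one role-based and one attribute-based rule. The tool names, claim names and the `call_tool` action string are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Policy:
    effect: str                      # "permit" or "forbid"
    action: str                      # MCP operation (assumed name: "call_tool")
    resource: Optional[str] = None   # None matches any resource
    when: Callable[[dict], bool] = lambda claims: True  # attribute condition

    def matches(self, action: str, resource: str, claims: dict) -> bool:
        return (self.action == action
                and self.resource in (None, resource)
                and self.when(claims))

# Constructed policy set; tool and claim names are illustrative assumptions.
POLICIES = [
    # Any authenticated caller may use the weather tool.
    Policy("permit", "call_tool", "weather"),
    # Role-based: only admins may use the deploy tool.
    Policy("permit", "call_tool", "deploy",
           when=lambda c: "admin" in c.get("roles", [])),
    # Attribute-based: suspended identities may call nothing.
    Policy("forbid", "call_tool",
           when=lambda c: c.get("suspended", False)),
]

def authorize(claims: Optional[dict], action: str, resource: str,
              policies=POLICIES) -> tuple:
    # Step 1: authentication result. Token validation (OIDC) happens upstream;
    # None models a request that carries no verified identity.
    if not claims or "sub" not in claims:
        return (False, "unauthenticated")
    # Steps 2-3: match the extracted request against every policy.
    hits = [p.effect for p in policies if p.matches(action, resource, claims)]
    # Step 4: forbid wins over permit; no matching permit means deny.
    if "forbid" in hits:
        return (False, "explicit forbid")
    if "permit" in hits:
        return (True, "permitted")
    return (False, "no matching permit (default deny)")

def call_tool(claims, tool: str, handler):
    """Enforcement point: the handler (server logic) runs only on allow."""
    allowed, reason = authorize(claims, "call_tool", tool)
    if not allowed:
        return {"error": f"denied: {reason}"}
    return {"result": handler()}
```

Because the decision is made before `handler` is invoked, a denied request never reaches the tool's own code, and the denial reason is available for logging.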
dev.to
