Stop Putting API Keys in mcp.json: Per-User OAuth with Amazon Cognito + AWS Lambda
This post details a method for securing API access by implementing per-user OAuth authentication in front of shared-key services. It addresses the security gap where shared API keys lead to a loss of individual accountability. The proposed solution uses Amazon Cognito and AWS Lambda to create a gateway that verifies user identity and scopes access before forwarding requests to upstream services that only support shared keys.
AI impact: Enhances security for AI agents and tools by enabling auditable, per-user access to shared-key APIs.
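The gateway pattern the summary describes, as an added example written for this page rather than code from the original post: a Lambda-style handler validates the caller's Cognito access token (issuer, audience, expiry, token_use, required scope), records the caller's identity for audit, and only then attaches the shared upstream key to the forwarded request. Cognito signs tokens with RS256 and publishes its keys at a JWKS endpoint; so that this runs offline, signature checking is factored into a pluggable verifier and the demo uses an HS256 stand-in with a constructed secret. The issuer URL, client id, scope name, upstream key and all token claims below are constructed placeholders.

```python
"""
Added example (not from the original post): a minimal per-user OAuth gateway
in front of a shared-key upstream API. A real deployment would verify RS256
against the Cognito JWKS and load the upstream key from Secrets Manager.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Any, Callable, Dict, Optional

# Constructed values standing in for a real Cognito user pool and app client.
ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"
CLIENT_ID = "example-app-client-id"
UPSTREAM_KEY = "shared-upstream-key-CONSTRUCTED"   # server-side only, never given to clients
REQUIRED_SCOPE = "tools/read"
DEMO_SECRET = b"constructed-hs256-secret"          # stand-in for Cognito's RSA key


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def hs256_verifier(signing_input: bytes, sig: bytes, header: Dict[str, Any]) -> bool:
    """Stand-in verifier. A real gateway selects the RSA key by header['kid']
    from the Cognito JWKS and verifies RS256 instead."""
    if header.get("alg") != "HS256":
        return False
    expected = hmac.new(DEMO_SECRET, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


class AuthError(Exception):
    pass


def validate_access_token(token: str, verify: Callable[..., bool],
                          now: Optional[float] = None) -> Dict[str, Any]:
    """Return the claims of a valid Cognito-style access token or raise AuthError."""
    now = time.time() if now is None else now
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        claims = json.loads(_b64url_decode(p))
        sig = _b64url_decode(s)
    except ValueError:  # bad split, bad base64 or bad JSON
        raise AuthError("malformed token")
    if not verify(f"{h}.{p}".encode(), sig, header):
        raise AuthError("bad signature")
    if claims.get("iss") != ISSUER:
        raise AuthError("wrong issuer")
    if claims.get("token_use") != "access":
        raise AuthError("not an access token")
    if claims.get("client_id") != CLIENT_ID:   # Cognito access tokens carry client_id
        raise AuthError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise AuthError("token expired")
    if not claims.get("sub"):
        raise AuthError("missing subject")
    if REQUIRED_SCOPE not in claims.get("scope", "").split():
        raise AuthError("missing scope")
    return claims


def handle(event: Dict[str, Any], verify: Callable[..., bool] = hs256_verifier,
           now: Optional[float] = None) -> Dict[str, Any]:
    """Lambda-style handler: authenticate the caller, then build the upstream request."""
    auth = event.get("headers", {}).get("authorization", "")
    if not auth.startswith("Bearer "):
        return {"statusCode": 401, "body": "missing bearer token"}
    try:
        claims = validate_access_token(auth[len("Bearer "):], verify, now)
    except AuthError as e:
        return {"statusCode": 401, "body": str(e)}
    # Per-user audit record: the shared key cannot identify the caller, this does.
    audit = {"sub": claims["sub"], "scope": claims["scope"], "path": event.get("path")}
    upstream = {
        "path": event.get("path"),
        "headers": {"x-api-key": UPSTREAM_KEY,          # injected here, not by the client
                    "x-on-behalf-of": claims["sub"]},
        "body": event.get("body"),
    }
    return {"statusCode": 200, "audit": audit, "upstream": upstream}


def make_demo_token(claims: Dict[str, Any]) -> str:
    """Constructed HS256 token for the demo; real tokens are issued by Cognito."""
    header = {"alg": "HS256", "typ": "JWT"}
    h = _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    p = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(DEMO_SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}.{_b64url_encode(sig)}"


if __name__ == "__main__":
    tok = make_demo_token({"sub": "user-123", "iss": ISSUER, "client_id": CLIENT_ID,
                           "token_use": "access", "scope": "tools/read", "exp": 2000})
    print(handle({"headers": {"authorization": "Bearer " + tok}, "path": "/v1/items"}, now=1000))
```

The point the summary makes is visible in `handle`: the client never holds `UPSTREAM_KEY`, every forwarded request is tied to a `sub` in the audit record, and a token that is expired, mis-scoped or forged is rejected before the shared key is ever touched.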