How MCP Works: What It Exposes, How It Talks, and How It Got Here

Every AI application eventually hits the same wall: the model is smart, but it is locked in a box. It cannot see your Jira board, your database, your files, your calendar. Before late 2024, every vendor solved this with bespoke plugins — one integration per app per data source, written against whatever API shape that app invented. M apps times N data sources meant M×N integrations, each one a snowflake. ...

July 4, 2026 · 18 min · 3703 words · Darek Dwornikowski

MCP Auth, Explained: Every Method, Direct and Through a Proxy

Auth is the part of MCP everyone gets wrong first. I know because I build MCP gateways for a living, and the most common support question is some variant of “my client has a token, why won’t the server take it?” The answer is almost always the same: the token was minted for someone else. This post is a field guide. (If MCP itself is new to you — what servers expose, how the protocol talks, how it evolved — start with the companion post, How MCP Works, and come back.) Part one covers how each auth method works when a client talks to an MCP server directly. Part two covers what changes when a proxy — an MCP gateway — sits in the middle, which is where most enterprise deployments end up and where most of the interesting failure modes live. Every method gets a sequence diagram showing who talks to whom and which token moves where. ...

July 4, 2026 · 23 min · 4772 words · Darek Dwornikowski