Authentication flow for the AgentFlow MCP Server
Learn how the AgentFlow MCP Server uses OAuth 2.0 with PKCE to authorize client access to context-aware tools.
The AgentFlow MCP Server uses OAuth 2.0 Authorization Code Flow with PKCE to authenticate users and agents. This flow ensures secure, auditable, and context-aware access to Reltio APIs. All interactions with MCP tools require a valid access token issued by the Reltio Authentication Server.
- Tokens are tenant-scoped and short-lived for secure session control.
- Only users with the `ROLE_EXECUTE_MCP` role, or any role that includes the `agentflow.mcp.EXECUTE` permission, can invoke MCP tools. These roles must be provisioned by your tenant administrator.
- Appropriate Reltio System Roles are required for every downstream component the agent accesses. These include `ROLE_USER` Access permissions and, for service-to-service/API flows, `ROLE_API` Access permissions, plus any component-specific roles as needed (for example, Reltio Integration Hub may require `ROLE_USER_RIH_INVOKER` Access permissions). For more information, see System roles.
- All API calls are governed by Reltio's Permissions Framework and logged in the Activity Log.
- PKCE ensures compatibility with both browser and headless agent clients.
 
Authentication workflow
1. User prompt: A user agent (browser) initiates the flow with a user prompt. The MCP client picks up this prompt and initiates tool discovery via the LLM.
2. Tool discovery: The MCP client communicates with the LLM to find an appropriate tool using the Tool Find API (Message API). Once identified, the MCP tool is selected.
3. MCP tool access attempt (without token): The MCP client tries to invoke the MCP tool by calling the AgentFlow MCP Server. Since no token is provided, it receives a `401 Unauthorized` response with a `WWW-Authenticate` header pointing to the OAuth discovery endpoint.
4. OAuth discovery: The MCP client sends a `GET` request to the OAuth metadata endpoint. The server responds with the supported endpoints and methods.
5. PKCE generation: The MCP client generates a `code_verifier` and a `code_challenge` as part of the Proof Key for Code Exchange (PKCE) process.
6. User redirection to authorization: The MCP client constructs an authorization URL that includes the `code_challenge` and redirects the user (via the browser) to the Reltio Auth Server.
7. User authentication: The Reltio Auth Server prompts the user to sign in and approve access.
8. Redirect with authorization code: After successful login, the user is redirected back to the client's callback URL along with the `authorization_code`.
9. Token exchange: The MCP client exchanges the `authorization_code` and `code_verifier` for an access token from the Reltio Auth Server.
10. MCP tool access (authenticated): The MCP client resends the request to the MCP Server, this time including the access token.
11. Token validation: The MCP Server validates the access token by calling the `checkToken` endpoint on the Reltio Auth Server.
12. Final tool invocation: With the token validated, the MCP Server invokes the corresponding Reltio API.
13. Response to user: The MCP Server sends the response to the MCP client, which relays it to the user agent (browser).
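The client-side PKCE parts of steps 3, 5, 6 and 9 above, written out as an added example (not code from this page or from Reltio's SDK); the endpoint URLs, client id and header contents are constructed placeholders, and `parse_bearer_params` simply extracts whatever parameters the `WWW-Authenticate` challenge carries, since the page does not name them.

```python
import base64
import hashlib
import re
import secrets
from urllib.parse import urlencode

# Added example, not Reltio's own SDK code: the client-side PKCE steps of the
# workflow above. Endpoint URLs and client_id values are constructed placeholders.

def parse_bearer_params(www_authenticate: str) -> dict:
    """Step 3: split a Bearer challenge into its key="value" parameters so the
    client can locate the OAuth discovery endpoint the header points to."""
    scheme, _, rest = www_authenticate.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge: %r" % www_authenticate)
    return dict(re.findall(r'(\w+)="([^"]*)"', rest))

def make_code_verifier(nbytes: int = 32) -> str:
    """Step 5: random URL-safe verifier; 32 bytes gives 43 chars, the RFC 7636
    minimum. It never leaves the client until the token exchange."""
    raw = base64.urlsafe_b64encode(secrets.token_bytes(nbytes))
    return raw.rstrip(b"=").decode("ascii")

def code_challenge_s256(verifier: str) -> str:
    """S256 transform: base64url(sha256(verifier)) with padding stripped."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_authorization_url(auth_endpoint, client_id, redirect_uri, challenge, state):
    """Step 6: only the challenge is sent to the Auth Server; `state` binds the
    callback to this request so an unexpected code can be rejected."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
        "state": state,
    }
    return "%s?%s" % (auth_endpoint, urlencode(params))

def verifier_matches(challenge: str, verifier: str) -> bool:
    """The check the Auth Server performs at the token exchange (step 9): an
    intercepted authorization_code is useless without the original verifier."""
    return secrets.compare_digest(code_challenge_s256(verifier), challenge)
```

The `verifier_matches` check is included to show why the verifier must stay on the client: the challenge alone, which is visible in the browser redirect, cannot be turned back into the verifier.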
 
Authentication components
| Component | Description | 
|---|---|
| User Agent (Browser) | Handles the user-facing portion of the OAuth flow, including login and consent via the Auth Server. | 
| MCP Client | Initiates tool discovery, generates PKCE values, redirects users to authenticate, and exchanges codes for tokens. Examples include LangChain apps, Jupyter notebooks, and command-line scripts using the MCP SDK. | 
| LLM | Assists in tool discovery based on the user prompt. Examples include Claude and ChatGPT integrated into agent workflows. | 
| Reltio AgentFlow MCP Server | Processes tool requests, validates tokens, and invokes Reltio APIs on behalf of authenticated clients. | 
| Reltio Auth Server | Authenticates users, issues tokens, and validates access tokens during MCP requests. | 
| Reltio API | Secured downstream endpoints that provide core MDM functions such as entity resolution and data enrichment. |