OAuth2 Client Credentials

OAuth2 support in bridge (>=2.1.0) is designed for machine-to-machine integrations.

{
  "servers": {
    "provider": {
      "transport": "streamable-http",
      "url": "https://provider.com/mcp",
      "auth": {
        "type": "oauth2",
        "clientId": "${CLIENT_ID}",
        "clientSecret": "${CLIENT_SECRET}",
        "tokenUrl": "https://provider.com/oauth/token",
        "scopes": ["read", "write"],
        "audience": "https://api.provider.com"
      }
    }
  }
}

Runtime behavior

Automatic token acquisition
Cached token reuse until near-expiry (60s safety buffer)
Automatic refresh
Single-attempt retry on 401

Recipe spec alignment: transport-level auth field in Universal Recipe Spec v2 (§2.3 / §2.5.1).