Krisp MCP: Integrating your own MCP client

Who can use this feature?

Users: users on Core Plan

This page describes how to build an MCP client that connects to Krisp MCP using OAuth 2.0 with PKCE.

  Important

Krisp MCP supports Streamable HTTP only; SSE is not supported.

Overview

  • OAuth 2.0: Authorization Code flow with PKCE (RFC 7636)
  • Discovery: RFC 9470 (Protected Resource Metadata) and RFC 8414 (Authorization Server Metadata)
  • Transport: Streamable HTTP to "https://mcp.krisp.ai/mcp" with "Authorization: Bearer <access_token>"
  • Token validation: Krisp validates tokens via OAuth2 Token Introspection (RFC 7662)

Step 1: OAuth discovery

Given the MCP server URL "https://mcp.krisp.ai/mcp":

  1. RFC 9470: Fetch "GET https://mcp.krisp.ai/mcp/.well-known/oauth-protected-resource" to get "authorization_servers" (array of URLs)
  2. RFC 8414: Fetch "GET {authorization_server}/.well-known/oauth-authorization-server" (using the first URL from step 1) to get "authorization_endpoint", "token_endpoint", "code_challenge_methods_supported", and related metadata

Use these endpoints to build the authorization URL and to exchange the code for tokens; do not hardcode OAuth URLs.

Step 2: PKCE

Generate a code verifier (e.g. 32 random bytes, base64url-encoded) and a code challenge (SHA-256 hash of the verifier, base64url-encoded). Send "code_challenge" and "code_challenge_method: S256" on the authorization request; send "code_verifier" on the token request. Keep the code verifier secret until the token exchange.

Step 3: Authorization flow

Redirect the user to the "authorization_endpoint" with:

  • "response_type=code"
  • "client_id" (from your app or dynamic registration if supported)
  • "redirect_uri"
  • "scope" (if required)
  • "state" (random value; validate on callback)
  • "code_challenge"
  • "code_challenge_method=S256"

After the user authorizes, the server redirects to your "redirect_uri" with "code" and "state". Validate "state", then exchange "code" for tokens.

Step 4: Token exchange

"POST" to the "token_endpoint" with:

  • "grant_type=authorization_code"
  • "code"
  • "redirect_uri"
  • "client_id"
  • "code_verifier"

Store the returned "access_token" (and "refresh_token" if provided) securely. Use the access token in the "Authorization: Bearer <access_token>" header for all MCP requests.
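Steps 2 to 4 as an added Python example (not Krisp's own code): it checks that the discovered metadata advertises S256, builds the authorization URL, validates "state" on the callback in constant time, and returns the form fields for the token request. The metadata host, client ID, and redirect URI are constructed placeholders, and the function names are hypothetical.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample of RFC 8414 metadata; the host is a placeholder, not Krisp's.
SAMPLE_METADATA = {
    "authorization_endpoint": "https://auth.example.test/authorize",
    "token_endpoint": "https://auth.example.test/token",
    "code_challenge_methods_supported": ["S256"],
}

def b64url(raw: bytes) -> str:
    """base64url without '=' padding, the encoding PKCE (RFC 7636) uses."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def challenge_for(verifier: str) -> str:
    """S256 code challenge: base64url(SHA-256(ASCII verifier))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def start_authorization(metadata, client_id, redirect_uri, scope=None):
    """Return (authorization URL, values to keep locally until the callback)."""
    if "S256" not in metadata.get("code_challenge_methods_supported", []):
        raise ValueError("authorization server does not advertise S256")
    verifier = b64url(secrets.token_bytes(32))  # 32 random bytes -> 43 chars
    state = secrets.token_urlsafe(32)
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "state": state,
              "code_challenge": challenge_for(verifier),
              "code_challenge_method": "S256"}
    if scope:
        params["scope"] = scope
    endpoint = metadata["authorization_endpoint"]
    url = endpoint + ("&" if "?" in endpoint else "?") + urlencode(params)
    # The verifier is kept out of the URL; only its hash (the challenge) is sent.
    return url, {"state": state, "code_verifier": verifier,
                 "redirect_uri": redirect_uri}

def handle_callback(callback_url, session, client_id):
    """Validate state, then return the form fields for the token_endpoint POST."""
    query = parse_qs(urlparse(callback_url).query)
    returned = query.get("state", [""])[0].encode()
    if not hmac.compare_digest(returned, session["state"].encode()):
        raise ValueError("state mismatch: discard this callback")
    if "code" not in query:
        raise ValueError("callback carries no authorization code")
    return {"grant_type": "authorization_code", "code": query["code"][0],
            "redirect_uri": session["redirect_uri"], "client_id": client_id,
            "code_verifier": session["code_verifier"]}
```

The returned dictionary is what gets form-encoded and POSTed to the discovered "token_endpoint"; the session values should be discarded once the exchange completes.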

Step 5: Connect to Krisp MCP

Send MCP protocol requests (e.g. JSON-RPC) to "https://mcp.krisp.ai/mcp" over Streamable HTTP (POST with JSON body). Include:

  • "Authorization: Bearer <access_token>"
  • "Content-Type: application/json"

Step 6: Token refresh

If the server returns a "refresh_token", use it to get a new access token when the current one expires. POST to "token_endpoint" with "grant_type=refresh_token", "refresh_token", and "client_id". Replace the stored tokens with the new ones. If the server returns "invalid_grant" on refresh, prompt the user to re-authenticate.
