Authentication is Optional
Most tools on the Venturu MCP server work without authentication. You can search businesses, browse brokers, and retrieve details without logging in. Authentication is only required for tools that take action on behalf of a user:| Tool | Auth Required |
|---|---|
search_businesses | No |
search_brokers | No |
get_business | No |
get_broker | No |
list_business_categories | No |
list_languages | No |
contact_broker | Yes |
contact_seller | Yes |
who_am_i | Yes |
How It Works
The Venturu MCP server implements the OAuth 2.0 Authorization Code flow with PKCE (Proof Key for Code Exchange), the standard for MCP authentication. Most MCP clients handle this flow automatically — you just approve the connection.What Happens in Practice
- You trigger an authenticated tool — e.g., ask the AI to contact a broker
- Your MCP client opens a browser window to the Venturu consent screen
- You approve the connection with your Venturu account
- The client receives tokens and can make authenticated requests
- Tokens refresh automatically — you won’t need to log in again
OAuth Endpoints
For client developers building MCP integrations, here are the standard discovery endpoints:| Endpoint | URL |
|---|---|
| Authorization Server Metadata | https://www.venturu.com/.well-known/oauth-authorization-server |
| Protected Resource Metadata | https://www.venturu.com/.well-known/oauth-protected-resource |
| Authorization | https://www.venturu.com/api/oauth/mcp/authorize |
| Token | https://www.venturu.com/api/oauth/mcp/token |
| Dynamic Client Registration | https://www.venturu.com/api/oauth/mcp/register |
Scopes
| Scope | Description |
|---|---|
mcp:access | Access to all MCP tools, including contact tools |
Token Lifetimes
| Token | Lifetime |
|---|---|
| Access token | 1 hour |
| Refresh token | Managed automatically by the client |
Dynamic Client Registration
The Venturu MCP server supports RFC 7591 Dynamic Client Registration. MCP clients can register themselves automatically without manual configuration. This means:- No need to pre-register your application
- No client secrets to manage
- The client receives a
client_idon first connection
If your MCP client supports the standard OAuth 2.0 discovery flow (via
.well-known/oauth-authorization-server), authentication will work out of the box with no manual configuration.Troubleshooting
I see 'This tool requires authentication'
I see 'This tool requires authentication'
You’re calling a contact tool without being authenticated. Your MCP client should prompt you to log in — check for a browser popup or notification. If not, reconnect to the server and try again.
The OAuth window doesn't appear
The OAuth window doesn't appear
Some MCP clients may not support OAuth flows yet. Check your client’s MCP documentation for authentication support. You can still use all read-only tools without authentication.
My token expired
My token expired
Access tokens last 1 hour. Your MCP client should automatically refresh them. If you’re seeing auth errors after a long session, try disconnecting and reconnecting to the server.