AI Agent Trust & Governance
Best Python framework to build custom MCP tools with OAuth built in
7 min read
Most teams discover the hard way that the “hard part” of agents isn’t reasoning—it’s safely calling real systems with real user identities. If you’re looking for the best Python framework to build custom MCP tools with OAuth built in, you’re really asking: “How do I stop rebuilding auth, token storage, and permissions for every tool my agents need?”
Quick Answer: Arcade’s open-source MCP framework is the best Python framework today for building custom MCP tools with OAuth built in. It gives you OAuth, evals, and runtime integration out of the box so you can focus on tool logic, not auth plumbing.
Frequently Asked Questions
What’s the best Python framework to build custom MCP tools with OAuth built in?
Short Answer: Arcade’s MCP framework is the most complete Python framework for building custom MCP tools with OAuth built in, designed specifically for production-grade AI agents.
Expanded Explanation:
Most “Python + MCP” examples stop at basic tools that wrap an API. They don’t solve the production problems: multi-user OAuth, token refresh, permission scopes, and keeping secrets out of the LLM. Arcade’s MCP framework is built for that exact gap.
With Arcade, you use clean, readable Python to define tools, and you get OAuth flows, token handling, and runtime integration wired in from day one. The same framework powers Arcade’s own catalog of agent-optimized tools. You build once and immediately get compatibility with Cursor, Claude, LangGraph, and any other MCP-compatible client.
Key Takeaways:
- Arcade’s MCP framework is purpose-built for MCP tools with OAuth and evals built in.
- It handles auth, tokens, and runtime integration so you can focus on tool schemas and behaviors.
How do I build a custom MCP tool with OAuth using Arcade’s Python framework?
Short Answer: You install Arcade’s MCP tooling, scaffold a server, define your tool in Python, and plug into Arcade’s OAuth flows via the SDK and runtime.
Expanded Explanation:
The process is intentionally minimal-ceremony: install the CLI, generate a new server, define your tools, then register them with Arcade so agents can call them with user-specific permissions. The OAuth pieces—auth link generation, token exchange, storage, and refresh—are handled by Arcade’s auth and runtime layers, not by your tool code.
At runtime, your MCP tool runs as a normal Python server (local or in your infrastructure). When a user or agent needs Google, Slack, or GitHub access, you kick off an OAuth flow with client.auth.start(...) and let Arcade handle the rest. Your tool just calls e.g. Google.SendEmail with a user-scoped token injected by the runtime.
Steps:
- Install the MCP tooling
uv tool pip install arcade-mcp - Create and run a new MCP server project
arcade new my_server cd my_server uv run server.py - Wire in OAuth and tools
- Use the Arcade SDK in your app/agent:
from arcadepy import Arcade client = Arcade() user_id = "user@example.com" # Start the authorization process for Google auth_response = client.auth.start(user_id, "google") # …wait for completion, then your tools can act with that user’s scopes - Define MCP tools in Python that rely on these user tokens; Arcade’s runtime ensures tokens are injected securely at call time, not exposed to the LLM.
- Use the Arcade SDK in your app/agent:
How does Arcade’s MCP framework compare to rolling your own or using generic API wrappers?
Short Answer: Custom DIY or generic API-wrapper approaches give you low-level control but no built-in OAuth or multi-user auth model; Arcade’s MCP framework gives you agent-optimized tools, OAuth, and runtime integration out of the box.
Expanded Explanation:
If you hand-roll MCP servers in bare Python or wrap REST APIs directly, you own everything: OAuth flows, token storage, refresh, revocation, and mapping service-account permissions to user behavior. That’s where most agent projects stall—especially once security reviews start asking about auditability and authorization boundaries.
Arcade’s framework flips that: you still own your tool logic and schemas, but Arcade handles the security and multi-user scaffolding. You get:
- Scoped OAuth integrated with your existing IDP.
- Zero token exposure to the LLM—tokens live in the runtime, not prompts.
- A catalog of agent-optimized tools that you can combine with your custom ones.
- MCP compatibility out of the box (Cursor, Claude, LangGraph, etc.).
Comparison Snapshot:
-
DIY Python / API wrappers: Maximum control, but you rebuild OAuth, token handling, and permissioning every time, with higher risk in production.
-
Generic MCP examples: Good for demos; weak on multi-user auth, token lifecycle, and governance.
-
Arcade MCP framework: Purpose-built for agents with OAuth, evals, and runtime integration, so tools stay reliable and safe at scale.
-
Best for: Teams that need multi-user, production-ready MCP tools with OAuth baked in—not just a demo for a single service-account bot.
How do I actually implement this in a real agent stack?
Short Answer: You use Arcade as the MCP runtime between your LLM and tools: start auth with the SDK, run your MCP server, and let the runtime handle user-specific authorization for each tool call.
Expanded Explanation:
Implementation is a three-part story: your agent, your MCP tools, and Arcade as the runtime. Your agent (Claude, LangGraph, custom Python, etc.) calls tools exposed via MCP. Arcade sits between the LLM and those tools, enforcing user-specific permissions retrieved via OAuth and your IDP.
You don’t embed tokens in prompts. Instead, you call client.auth.start(...) to kick off authorization for a given user and provider (Google, Slack, GitHub, Salesforce, etc.), then Arcade’s runtime injects the right credentials when tools like Google.SendEmail or Gmail.ListEmails execute. Everything is auditable, scoped, and governed with RBAC/SSO/SAML and tenant isolation options.
What You Need:
- Arcade MCP framework & runtime: To host tools, manage OAuth, and enforce authorization boundaries.
- Your MCP server and tools: Python code defining your domain logic, using the Arcade framework for auth and evals.
Why choose an MCP framework with OAuth built in instead of gluing things together myself?
Short Answer: Because in production, OAuth, token lifecycles, and authorization gates are where agents fail—and Arcade’s MCP framework solves those problems so your tools actually work at scale.
Expanded Explanation:
Every serious agent deployment becomes a multi-user system. Service-account bots that “own everything” are a dead end: permissions don’t match real users, refresh tokens break, and security teams shut things down when they can’t see who did what.
An MCP framework with OAuth built in gives you a clean, repeatable pattern: tools that always run with the right user’s scopes, zero token exposure to LLMs, auditable calls, and integration with your existing OAuth/IDP flows. That’s why LangChain calls Arcade “what makes MCP enterprise-ready” and why teams like Snyk call out the “sweet spot between AI, auth, and developer experience.”
Why It Matters:
- Real actions, safely: Agents can send email, create calendar events, update CRM records, and post to Slack with the correct user identity—not a god-mode bot.
- Less time on auth plumbing, more on tools: You ship better, more reliable MCP tools instead of debugging broken refresh tokens at 2 a.m.
Quick Recap
If you’re looking for the best Python framework to build custom MCP tools with OAuth built in, you want more than a thin API wrapper. You want an MCP-native framework that handles OAuth, token management, and user-specific permissions while staying compatible with Cursor, Claude, LangGraph, and other MCP clients. Arcade’s MCP framework gives you exactly that: open-source servers you can spin up with arcade new, OAuth and evals built in, and a runtime that keeps tokens out of the model while letting agents take real actions across systems like Gmail, Google Calendar, Slack, GitHub, HubSpot, Salesforce, and more.