Headless OAuth for MCP Servers The Copilot CLI v1.0.40 release shipped today with a feature that matters if you're running the CLI on remote servers, in CI, or anywhere you don't have a browser: client_credentials OAuth grant type support for MCP servers . This enables fully headless authentication without needing to spawn a browser for the OAuth flow. Before this, connecting an MCP server that required OAuth meant you needed an interactive browser session to complete the authorization flow. That's fine on your laptop. It's not fine on a headless build server, inside a container, or over SSH where you don't have X forwarding. The typical workaround was to pre-authenticate elsewhere and copy tokens manually, or skip OAuth-protected MCP servers entirely on those environments. Now MCP servers can use the client_credentials grant type — a machine-to-machine OAuth flow that exchanges a client ID and secret for an access token without user interaction. This is the same flow services use to talk to other services.…