Model Context Protocol (MCP) servers let AI assistants interact with real user data. That means auth isn't optional: it's the difference between a useful tool and a data breach. This post walks through exactly how Can Tax Pro secures its Python MCP server with Firebase Authentication, supporting both Firebase ID tokens (for direct access) and a custom OAuth 2.0 flow (for third-party clients like Claude.ai).

## Architecture Overview

The system has three moving parts:

```
Browser / Claude.ai Client
        │
        │ Authorization: Bearer <token>
        ▼
MCP Server (Python/FastMCP on Cloud Run)
        │
        │ Firebase Admin SDK
        ▼
Firestore (data isolated by userId)
```

The MCP server accepts two token types:

- Firebase ID tokens, issued by Firebase Authentication and verified cryptographically (signature, issuer, audience and expiry) through the Firebase Admin SDK
- Custom OAuth tokens (`ctpo_*`), issued by the web app's OAuth server and stored in Firestore only as hashes, so a leaked token collection does not hand out usable bearer tokens

The web app itself acts as the OAuth authorization server for third-party integrations.…
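To make the two-token dispatch concrete, here is an added example of the bearer-token handling described above. It is not Can Tax Pro's code: the `OAuthTokenStore` class is a hypothetical in-memory stand-in for the Firestore collection of hashed `ctpo_` tokens, its record fields (`userId`, `scopes`, `expiresAt`, `revoked`) and the random-suffix token format are assumptions made for the example, and the Firebase verifier is injected as a callable so the code runs offline (in production you would pass `firebase_admin.auth.verify_id_token`, which returns the decoded claims including `uid`).

```python
"""Bearer-token dispatch for an MCP server that accepts two token types.

Added example, not the project's own code. OAuthTokenStore and its record
fields are hypothetical stand-ins for the Firestore token collection.
"""
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Optional

CUSTOM_TOKEN_PREFIX = "ctpo_"


class AuthError(Exception):
    """Any failure here should be answered with HTTP 401."""


@dataclass(frozen=True)
class Principal:
    user_id: str        # the Firestore userId every query must be scoped to
    source: str         # "firebase" or "oauth"
    scopes: tuple = ()  # only meaningful for OAuth tokens


def hash_token(token: str) -> str:
    """Only this digest is persisted; the raw ctpo_ token is never stored."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class OAuthTokenStore:
    """Hypothetical in-memory stand-in for the Firestore token collection."""

    def __init__(self) -> None:
        self._by_hash: dict = {}

    def issue(self, user_id: str, scopes, expires_at: float) -> str:
        # 32 random bytes after the prefix; the prefix lets the server route
        # the token without first trying to parse it as a JWT.
        token = CUSTOM_TOKEN_PREFIX + secrets.token_urlsafe(32)
        self._by_hash[hash_token(token)] = {
            "userId": user_id, "scopes": tuple(scopes),
            "expiresAt": expires_at, "revoked": False,
        }
        return token

    def revoke(self, token: str) -> None:
        record = self._by_hash.get(hash_token(token))
        if record is not None:
            record["revoked"] = True

    def lookup(self, token_hash: str) -> Optional[dict]:
        return self._by_hash.get(token_hash)


def parse_bearer(authorization: Optional[str]) -> str:
    """Extract the token from 'Authorization: Bearer <token>' or fail closed."""
    if not authorization:
        raise AuthError("missing Authorization header")
    scheme, _, token = authorization.strip().partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        raise AuthError("expected 'Authorization: Bearer <token>'")
    return token


def authenticate(
    authorization: Optional[str],
    store: OAuthTokenStore,
    verify_firebase_id_token: Callable[[str], dict],
    now: Optional[float] = None,
) -> Principal:
    """Map a bearer token to a Principal, or raise AuthError."""
    now = time.time() if now is None else now
    token = parse_bearer(authorization)

    if token.startswith(CUSTOM_TOKEN_PREFIX):
        # Custom OAuth token: hash it and look the digest up in the store.
        record = store.lookup(hash_token(token))
        if record is None:
            raise AuthError("unknown OAuth token")
        if record["revoked"]:
            raise AuthError("OAuth token revoked")
        if now >= record["expiresAt"]:
            raise AuthError("OAuth token expired")
        return Principal(record["userId"], "oauth", record["scopes"])

    # Anything else is treated as a Firebase ID token (a JWT). The verifier
    # checks signature, issuer, audience and expiry; we only read its claims.
    try:
        claims = verify_firebase_id_token(token)
    except Exception as exc:  # firebase_admin raises several subclasses
        raise AuthError(f"invalid Firebase ID token: {exc}") from exc
    uid = claims.get("uid") or claims.get("sub")
    if not uid:
        raise AuthError("Firebase ID token carries no uid")
    return Principal(uid, "firebase")
```

Two design points worth keeping: the token prefix decides the verification path before any parsing happens, so a malformed JWT can never be confused with an OAuth token lookup and vice versa; and every path ends in a `Principal` carrying the `userId`, which is the one value the Firestore layer must use to scope reads and writes.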