The Model Context Protocol (MCP) is receiving a major update exactly one year after its launch. Anthropic, the developer of the open protocol, is adding functionality for more complex workflows and simplifying authorization flows. The update offers support for task-based workflows, URL-based client registration, and sampling with tools.
Anthropic’s MCP specification was launched at the end of 2024. The AI industry quickly embraced the protocol. Companies such as Google, OpenAI, and Microsoft integrated the protocol within a few months. Enterprise platforms such as SAP, Oracle, and Docker also announced support. The new features are based on user feedback from production MCP deployments.
Task-based workflows as an experimental feature
The most important addition is support for task-based workflows. This feature allows tracking long-running operations and retrieving their results for up to a server-determined duration after creation. Tasks support different statuses: working, input_required, completed, failed, and canceled. Clients can query the status of ongoing work at any time.
The functionality is particularly useful for scenarios such as healthcare data analysis with hundreds of thousands of data points, enterprise automation platforms with complex workflows, and code migration tools that run for minutes or hours. Tasks are being launched as an experimental feature within the core protocol. Anthropic wants to battle-test the specification in real-world scenarios before finalizing it.
Simplified authorization flows
Anthropic’s update also addresses an important pain point: Dynamic Client Registration (DCR). This functionality was necessary because there are an infinite number of MCP clients and servers, making standard client pre-registration impractical. However, DCR required an Authorization Server that allows clients to register themselves via a public API.
The new release introduces URL-based client registration via OAuth Client ID Metadata Documents as a more elegant solution. Clients can now specify their own client ID as a URL pointing to a JSON document containing their properties. This significantly simplifies the authorization process for developers.
Security and enterprise features
The update also includes improvements in security and authentication. Anthropic developed client security requirements for local server installation and default scope definition in the authorization specification. In addition, there will be support for enterprise IdP policy controls and OAuth client credentials for machine-to-machine authorization.
For secure out-of-band interactions, Anthropic introduces URL mode elicitation. This allows users to be redirected to an OAuth flow in their browser for secure authentication, without the MCP client seeing the credentials they enter. The credentials are managed directly by the server.
Another important addition is sampling with tools. MCP servers can now run their own agentic loops with the client’s tokens, while these remain under the user’s control. This reduces the complexity of client implementations. The new release is backwards compatible, so existing implementations will continue to work.
Tip: How the Model Context Protocol has taken the AI world by storm