The Nov 2025 release of MCP introduced a new client capability: URL Elicitation. This capability is game-changing for MCP servers that interact with external systems. But don't just take our word for it... Hear it straight from the author of the spec!

In this talk, Nate (lead author of URL Elicitation) will break down the "what" and "why" of this new addition to the protocol. You'll learn about:
- Why it's a mistake to reuse or "pass through" OAuth tokens from one server to another
- The confused deputy problem and other common pitfalls to watch out for
- How URL Elicitation unlocks a secure way for MCP servers to call external services that use OAuth or API keys, require payments, or gather sensitive information
- The correct security patterns for any remote MCP server project today

No need to be a security expert to attend! Nate will break down the problems and solutions in clear, relatable language, and provide crucial guidance for anyone building MCP servers in 2026 and beyond.