From a04e16dffc9ef51f7f6f49abf0f023ade5e38cd7 Mon Sep 17 00:00:00 2001
From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com>
Date: Mon, 9 Mar 2026 19:48:51 +0000
Subject: [PATCH] Document MCP OAuth redirect domains configuration

Generated-By: mintlify-agent
---
 ai/model-context-protocol.mdx | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/ai/model-context-protocol.mdx b/ai/model-context-protocol.mdx
index 589877571..7202b31a6 100644
--- a/ai/model-context-protocol.mdx
+++ b/ai/model-context-protocol.mdx
@@ -60,6 +60,23 @@ View and copy your MCP server URL on the [MCP server page](https://dashboard.min
   Hosted MCP servers use the `/mcp` path in their URLs. Other navigation elements cannot use the `/mcp` path.
 </Note>
 
+### Redirect domains
+
+When your documentation uses [authentication](/deploy/authentication-setup), users connecting to your MCP server must complete an OAuth flow. By default, this OAuth flow only allows redirects to loopback addresses (`localhost`, `127.0.0.1`, or `[::1]`) for local development.
+
+To allow MCP clients hosted on other domains to complete the OAuth flow, configure allowed redirect domains in your [MCP server settings](https://dashboard.mintlify.com/products/mcp).
+
+<Steps>
+  <Step title="Navigate to MCP settings.">
+    In your dashboard, go to [MCP server](https://dashboard.mintlify.com/products/mcp).
+  </Step>
+  <Step title="Add redirect domains.">
+    In the **Redirect domains** section, enter the domain where your MCP client is hosted. For example, `app.example.com`.
+  </Step>
+</Steps>
+
+The OAuth flow validates that redirect URIs use HTTPS and match an allowed domain. Loopback addresses are always permitted.
+
 ### Rate limits
 
 To protect availability, Mintlify applies rate limits to MCP servers.