diff --git a/src/lib/components/mcp/AddServerForm.svelte b/src/lib/components/mcp/AddServerForm.svelte
index a5bc035d5bf..6f5b5a623f7 100644
--- a/src/lib/components/mcp/AddServerForm.svelte
+++ b/src/lib/components/mcp/AddServerForm.svelte
@@ -5,6 +5,7 @@
 		validateHeader,
 		isSensitiveHeader,
 	} from "$lib/utils/mcpValidation";
+	import { discoverServer, type DiscoveryResponse } from "$lib/utils/mcpOAuth";
 	import IconEye from "~icons/carbon/view";
 	import IconEyeOff from "~icons/carbon/view-off";
 	import IconTrash from "~icons/carbon/trash-can";
@@ -12,7 +13,12 @@
 	import IconWarning from "~icons/carbon/warning";
 
 	interface Props {
-		onsubmit: (server: { name: string; url: string; headers?: KeyValuePair[] }) => void;
+		onsubmit: (server: {
+			name: string;
+			url: string;
+			headers?: KeyValuePair[];
+			discovery?: DiscoveryResponse;
+		}) => void;
 		oncancel: () => void;
 		initialName?: string;
 		initialUrl?: string;
@@ -32,6 +38,8 @@
 	let name = $state("");
 	let url = $state("");
 	let headers = $state<KeyValuePair[]>([]);
+	let probing = $state(false);
+	let discoveryFailed = $state(false);
 
 	$effect.pre(() => {
 		name = initialName;
@@ -41,6 +49,16 @@
 	let showHeaderValues = $state<Record<number, boolean>>({});
 	let error = $state<string | null>(null);
 
+	// Reset the "skip discovery" escape hatch whenever the user edits the URL.
+	// Otherwise a typo'd URL that failed discovery once would silently bypass
+	// auto-discovery on every subsequent corrected URL too, leaving real
+	// OAuth-protected servers added without an oauth state.
+	$effect(() => {
+		// Track url as a reactive dep
+		void url;
+		discoveryFailed = false;
+	});
+
 	function addHeader() {
 		headers = [...headers, { key: "", value: "" }];
 	}
@@ -90,16 +108,40 @@
 		return true;
 	}
 
-	function handleSubmit() {
+	async function handleSubmit() {
 		if (!validate()) return;
 
-		// Filter out empty headers
 		const filteredHeaders = headers.filter((h) => h.key.trim() && h.value.trim());
+		const finalUrl = url.trim();
+
+		// Skip the OAuth probe entirely if the user already provided manual auth
+		// headers — this preserves the existing custom-server flow for API-key
+		// based servers without an extra round trip.
+		const hasManualAuth = filteredHeaders.some((h) => h.key.toLowerCase() === "authorization");
+		let discovery: DiscoveryResponse | undefined;
+		if (!hasManualAuth && !discoveryFailed) {
+			probing = true;
+			try {
+				discovery = await discoverServer(finalUrl);
+			} catch (e) {
+				// Discovery failed (network, broken server, AS down). Surface the
+				// error inline so the user can read it; on next submit we skip
+				// auto-discovery and add the server as-is.
+				probing = false;
+				discoveryFailed = true;
+				const msg = e instanceof Error ? e.message : "Discovery failed";
+				error = `Could not contact server: ${msg}. Submit again to add it without auto-discovery.`;
+				return;
+			} finally {
+				probing = false;
+			}
+		}
 
 		onsubmit({
 			name: name.trim(),
-			url: url.trim(),
+			url: finalUrl,
 			headers: filteredHeaders.length > 0 ? filteredHeaders : undefined,
+			discovery,
 		});
 	}
 </script>
@@ -248,9 +290,10 @@
 		<button
 			type="button"
 			onclick={handleSubmit}
-			class="rounded-lg bg-blue-600 px-4 py-2 text-sm font-medium text-white hover:bg-blue-600"
+			disabled={probing}
+			class="rounded-lg bg-blue-600 px-4 py-2 text-sm font-medium text-white hover:bg-blue-600 disabled:opacity-60"
 		>
-			{submitLabel}
+			{probing ? "Checking…" : submitLabel}
 		</button>
 	</div>
 </div>
diff --git a/src/lib/components/mcp/AuthorizeStep.svelte b/src/lib/components/mcp/AuthorizeStep.svelte
new file mode 100644
index 00000000000..295c33cf8f6
--- /dev/null
+++ b/src/lib/components/mcp/AuthorizeStep.svelte
@@ -0,0 +1,218 @@
+<script lang="ts">
+	import { untrack } from "svelte";
+	import type { DiscoveryResponse } from "$lib/utils/mcpOAuth";
+	import {
+		openAuthPopup,
+		runFullPageAuthFlow,
+		startAuthFlow,
+		type OAuthCallbackPayload,
+	} from "$lib/utils/mcpOAuth";
+	import type { MCPClientInformation } from "$lib/types/Tool";
+	import IconWarning from "~icons/carbon/warning";
+	import IconCheckmark from "~icons/carbon/checkmark-filled";
+	import LucideShieldCheck from "~icons/lucide/shield-check";
+
+	interface Props {
+		discovery: DiscoveryResponse;
+		serverUrl: string;
+		serverId: string; // required so the redirect fallback can route back
+		onauthorized: (payload: OAuthCallbackPayload, clientInfo: MCPClientInformation) => void;
+		oncancel: () => void;
+	}
+
+	let { discovery, serverUrl, serverId, onauthorized, oncancel }: Props = $props();
+
+	let phase = $state<"idle" | "starting" | "popup" | "manual" | "error" | "done">(
+		untrack(() => (discovery.clientInfo ? "idle" : "manual"))
+	);
+	let errorMessage = $state<string | null>(null);
+	let manualClientId = $state("");
+	let manualClientSecret = $state("");
+	let popupBlocked = $state(false);
+
+	const issuerHost = $derived.by(() => {
+		const issuer = discovery.asMetadata?.issuer;
+		if (!issuer) return "";
+		try {
+			return new URL(issuer).host;
+		} catch {
+			return issuer;
+		}
+	});
+
+	function buildClientInfo(): MCPClientInformation | null {
+		if (discovery.clientInfo) return discovery.clientInfo;
+		if (!manualClientId.trim()) {
+			errorMessage = "Client ID is required";
+			return null;
+		}
+		return {
+			client_id: manualClientId.trim(),
+			client_secret: manualClientSecret.trim() || undefined,
+			redirect_uris: [], // server adds the canonical redirect_uri itself
+		};
+	}
+
+	async function handleAuthorize() {
+		errorMessage = null;
+		const clientInfo = buildClientInfo();
+		if (!clientInfo || !discovery.asMetadata || !discovery.resource) {
+			phase = phase === "manual" ? "manual" : "error";
+			return;
+		}
+		phase = "starting";
+		try {
+			const { authUrl, flowId } = await startAuthFlow({
+				resource: discovery.resource,
+				asMetadata: discovery.asMetadata,
+				clientInfo,
+				popupMode: true,
+			});
+
+			phase = "popup";
+			try {
+				const payload = await openAuthPopup(authUrl, flowId);
+				if (!payload.ok) {
+					phase = "error";
+					errorMessage = payload.error || "Authorization failed";
+					return;
+				}
+				phase = "done";
+				onauthorized({ ...payload, resource: payload.resource ?? discovery.resource }, clientInfo);
+			} catch (e) {
+				const code = e instanceof Error ? e.message : String(e);
+				if (code === "popup-blocked") {
+					popupBlocked = true;
+					// Fall back to a full-page redirect, preserving where the user is so
+					// `consumeRedirectHandoff` can land them back here.
+					const next =
+						typeof window !== "undefined"
+							? window.location.pathname + window.location.search
+							: undefined;
+					const restart = await startAuthFlow({
+						resource: discovery.resource,
+						asMetadata: discovery.asMetadata,
+						clientInfo,
+						popupMode: false,
+						redirectNext: next,
+					});
+					runFullPageAuthFlow({
+						authUrl: restart.authUrl,
+						flowId: restart.flowId,
+						serverId,
+					});
+					return;
+				}
+				if (code === "popup-closed") {
+					phase = "idle";
+					errorMessage = "Authorization window was closed before completing.";
+					return;
+				}
+				phase = "error";
+				errorMessage = code;
+			}
+		} catch (e) {
+			phase = "error";
+			errorMessage = e instanceof Error ? e.message : "Failed to start authorization";
+		}
+	}
+</script>
+
+<div class="space-y-4">
+	<div
+		class="flex items-start gap-3 rounded-lg border border-blue-200 bg-blue-50 p-3 text-blue-900 dark:border-blue-800/40 dark:bg-blue-900/20 dark:text-blue-100"
+	>
+		<LucideShieldCheck class="mt-0.5 size-5 flex-none text-blue-600 dark:text-blue-300" />
+		<div class="text-sm leading-5">
+			<p class="font-medium">This server requires authorization</p>
+			<p class="mt-1 text-[13px] text-blue-800 dark:text-blue-100/90">
+				It is hosted at <code class="rounded bg-white/60 px-1 dark:bg-black/30">{serverUrl}</code>
+				and uses
+				<strong>{issuerHost}</strong>
+				to sign you in. You'll be redirected to grant access; tokens are stored in this browser only.
+			</p>
+		</div>
+	</div>
+
+	{#if phase === "manual"}
+		<div class="rounded-lg border border-gray-200 p-4 dark:border-gray-700">
+			<p class="mb-2 text-sm text-gray-700 dark:text-gray-300">
+				The authorization server doesn't support automatic client registration.
+				<br />Paste a Client ID you have already registered with
+				<strong>{issuerHost}</strong>.
+			</p>
+			<label class="mb-2 block text-sm">
+				<span class="text-gray-700 dark:text-gray-300">Client ID</span>
+				<input
+					bind:value={manualClientId}
+					class="mt-1 w-full rounded-lg border border-gray-300 bg-white px-3 py-2 text-sm dark:border-gray-600 dark:bg-gray-700 dark:text-white"
+					placeholder="Client ID from {issuerHost}"
+				/>
+			</label>
+			<label class="block text-sm">
+				<span class="text-gray-700 dark:text-gray-300">Client secret (optional)</span>
+				<input
+					type="password"
+					bind:value={manualClientSecret}
+					class="mt-1 w-full rounded-lg border border-gray-300 bg-white px-3 py-2 text-sm dark:border-gray-600 dark:bg-gray-700 dark:text-white"
+					placeholder="Leave blank for public clients"
+				/>
+			</label>
+		</div>
+	{/if}
+
+	{#if phase === "popup"}
+		<div class="flex items-center gap-2 text-sm text-gray-700 dark:text-gray-300">
+			<span class="size-3 animate-pulse rounded-full bg-blue-500"></span>
+			Waiting for you to complete authorization in the popup window…
+		</div>
+	{/if}
+
+	{#if phase === "done"}
+		<div class="flex items-center gap-2 text-sm text-green-700 dark:text-green-400">
+			<IconCheckmark class="size-4" />
+			Authorized
+		</div>
+	{/if}
+
+	{#if errorMessage}
+		<div
+			class="flex items-start gap-2 rounded-lg border border-red-200 bg-red-50 p-3 text-sm text-red-800 dark:border-red-800/40 dark:bg-red-900/20 dark:text-red-200"
+		>
+			<IconWarning class="mt-0.5 size-4 flex-none" />
+			<div>{errorMessage}</div>
+		</div>
+	{/if}
+
+	{#if popupBlocked}
+		<div class="text-xs text-gray-500 dark:text-gray-400">
+			Popup was blocked — falling back to full-page redirect…
+		</div>
+	{/if}
+
+	<div class="flex justify-end gap-2">
+		<button
+			type="button"
+			onclick={oncancel}
+			class="rounded-lg bg-gray-200 px-4 py-2 text-sm font-medium text-gray-700 hover:bg-gray-300 dark:bg-gray-700 dark:text-gray-300 dark:hover:bg-gray-600"
+		>
+			Cancel
+		</button>
+		<button
+			type="button"
+			onclick={handleAuthorize}
+			disabled={phase === "starting" || phase === "popup" || phase === "done"}
+			class="rounded-lg bg-blue-600 px-4 py-2 text-sm font-medium text-white hover:bg-blue-700 disabled:opacity-60"
+		>
+			{#if phase === "starting"}
+				Starting…
+			{:else if phase === "popup"}
+				Authorizing…
+			{:else if phase === "done"}
+				Done
+			{:else}
+				Authorize with {issuerHost}
+			{/if}
+		</button>
+	</div>
+</div>
diff --git a/src/lib/components/mcp/MCPServerManager.svelte b/src/lib/components/mcp/MCPServerManager.svelte
index 68d7dd69fa3..cb6d9752936 100644
--- a/src/lib/components/mcp/MCPServerManager.svelte
+++ b/src/lib/components/mcp/MCPServerManager.svelte
@@ -3,6 +3,7 @@
 	import Modal from "$lib/components/Modal.svelte";
 	import ServerCard from "./ServerCard.svelte";
 	import AddServerForm from "./AddServerForm.svelte";
+	import AuthorizeStep from "./AuthorizeStep.svelte";
 	import {
 		allMcpServers,
 		selectedServerIds,
@@ -10,8 +11,13 @@
 		addCustomServer,
 		refreshMcpServers,
 		healthCheckServer,
+		setServerOAuth,
+		setServerTokens,
+		toggleServer,
 	} from "$lib/stores/mcpServers";
-	import type { KeyValuePair } from "$lib/types/Tool";
+	import type { KeyValuePair, MCPClientInformation, MCPOAuthState } from "$lib/types/Tool";
+	import type { DiscoveryResponse, OAuthCallbackPayload } from "$lib/utils/mcpOAuth";
+	import { error } from "$lib/stores/errors";
 	import IconAddLarge from "~icons/carbon/add-large";
 	import IconRefresh from "~icons/carbon/renew";
 	import LucideHammer from "~icons/lucide/hammer";
@@ -25,16 +31,105 @@
 
 	let { onclose }: Props = $props();
 
-	type View = "list" | "add";
+	type View = "list" | "add" | "authorize";
 	let currentView = $state<View>("list");
 	let isRefreshing = $state(false);
+	let pendingAuth = $state<{
+		serverId: string;
+		serverUrl: string;
+		discovery: DiscoveryResponse;
+	} | null>(null);
 
 	const baseServers = $derived($allMcpServers.filter((s) => s.type === "base"));
 	const customServers = $derived($allMcpServers.filter((s) => s.type === "custom"));
 	const enabledCount = $derived($enabledServersCount);
 
-	function handleAddServer(serverData: { name: string; url: string; headers?: KeyValuePair[] }) {
-		addCustomServer(serverData);
+	function handleAddServer(serverData: {
+		name: string;
+		url: string;
+		headers?: KeyValuePair[];
+		discovery?: DiscoveryResponse;
+	}) {
+		// Save a partial oauth state on add (asMetadata + resource) even when DCR
+		// produced no clientInfo — the manual-client-id flow inside AuthorizeStep
+		// will fill it in via handleAuthorized below. Without this, setServerTokens
+		// would refuse to persist tokens later because s.oauth would be undefined.
+		const oauth: MCPOAuthState | undefined =
+			serverData.discovery?.requiresAuth &&
+			serverData.discovery.asMetadata &&
+			serverData.discovery.resource
+				? {
+						resource: serverData.discovery.resource,
+						asMetadata: serverData.discovery.asMetadata,
+						resourceMetadataUrl: serverData.discovery.resourceMetadataUrl,
+						clientInfo: serverData.discovery.clientInfo ?? {
+							client_id: "",
+							redirect_uris: [],
+						},
+						clientWasManuallyEntered: !serverData.discovery.supportsDcr,
+					}
+				: undefined;
+		const id = addCustomServer({
+			name: serverData.name,
+			url: serverData.url,
+			headers: serverData.headers,
+			oauth,
+			authRequired: !!oauth,
+		});
+		// Route to the authorize step only when we built a usable oauth state.
+		// If `requiresAuth` came back true but `asMetadata` / `resource` were
+		// missing (partial discovery), we'd otherwise route to AuthorizeStep and
+		// then `handleAuthorized` would silently bail — leaving the user with a
+		// permanently-broken half-state and no UI signal.
+		if (oauth && serverData.discovery) {
+			pendingAuth = {
+				serverId: id,
+				serverUrl: serverData.url,
+				discovery: serverData.discovery,
+			};
+			currentView = "authorize";
+		} else if (serverData.discovery?.requiresAuth) {
+			// Discovery said "needs auth" but we don't have enough metadata to
+			// drive the dance. Tell the user explicitly instead of silently adding
+			// a broken server.
+			currentView = "list";
+			$error = `${serverData.url} requires authorization but its OAuth metadata could not be loaded. Try Health Check or contact the server admin.`;
+		} else {
+			// Non-OAuth server: just close the form. The user flips the Switch on
+			// the card to enable it (matches pre-PR behavior).
+			currentView = "list";
+		}
+	}
+
+	function handleAuthorized(payload: OAuthCallbackPayload, clientInfo: MCPClientInformation) {
+		if (!pendingAuth || !payload.ok || !payload.tokens) return;
+		const { asMetadata, resource, resourceMetadataUrl, supportsDcr } = pendingAuth.discovery;
+		if (!asMetadata || !resource) return;
+		const serverId = pendingAuth.serverId;
+		// Persist the final clientInfo (auto-registered or manually entered) so
+		// future refresh / revoke calls don't lose it. Then write the tokens.
+		setServerOAuth(serverId, {
+			resource,
+			asMetadata,
+			resourceMetadataUrl,
+			clientInfo,
+			clientWasManuallyEntered: !supportsDcr,
+		});
+		setServerTokens(serverId, payload.tokens);
+		// Auto-enable on first authorization so the user can immediately use the
+		// server. If they were re-authorizing an already-enabled server, leave the
+		// selection state alone — toggling would turn it off.
+		if (!$selectedServerIds.has(serverId)) {
+			toggleServer(serverId);
+		}
+		const server = $allMcpServers.find((s) => s.id === serverId);
+		if (server) healthCheckServer({ ...server });
+		pendingAuth = null;
+		currentView = "list";
+	}
+
+	function handleAuthorizeCancel() {
+		pendingAuth = null;
 		currentView = "list";
 	}
 
@@ -42,6 +137,28 @@
 		currentView = "list";
 	}
 
+	function handleReauthorizeFromCard(detail: {
+		serverId: string;
+		serverUrl: string;
+		oauth: MCPOAuthState;
+	}) {
+		const discovery: DiscoveryResponse = {
+			requiresAuth: true,
+			resource: detail.oauth.resource,
+			resourceMetadataUrl: detail.oauth.resourceMetadataUrl,
+			asMetadata: detail.oauth.asMetadata,
+			clientInfo: detail.oauth.clientInfo,
+			supportsDcr: !detail.oauth.clientWasManuallyEntered,
+		};
+		setServerOAuth(detail.serverId, detail.oauth);
+		pendingAuth = {
+			serverId: detail.serverId,
+			serverUrl: detail.serverUrl,
+			discovery,
+		};
+		currentView = "authorize";
+	}
+
 	async function handleRefresh() {
 		if (isRefreshing) return;
 		isRefreshing = true;
@@ -63,6 +180,8 @@
 			<h2 class="mb-1 text-xl font-semibold text-gray-900 dark:text-gray-200">
 				{#if currentView === "list"}
 					MCP Servers
+				{:else if currentView === "authorize"}
+					Authorize MCP server
 				{:else}
 					Add MCP server
 				{/if}
@@ -70,6 +189,9 @@
 			<p class="text-sm text-gray-600 dark:text-gray-400">
 				{#if currentView === "list"}
 					Manage MCP servers to extend {publicConfig.PUBLIC_APP_NAME} with external tools.
+				{:else if currentView === "authorize"}
+					Sign in to {pendingAuth?.serverUrl} so {publicConfig.PUBLIC_APP_NAME} can call its tools on
+					your behalf.
 				{:else}
 					Add a custom MCP server to {publicConfig.PUBLIC_APP_NAME}.
 				{/if}
@@ -161,7 +283,11 @@
 					{:else}
 						<div class="grid grid-cols-1 gap-3 md:grid-cols-2">
 							{#each customServers as server (server.id)}
-								<ServerCard {server} isSelected={$selectedServerIds.has(server.id)} />
+								<ServerCard
+									{server}
+									isSelected={$selectedServerIds.has(server.id)}
+									onreauthorize={handleReauthorizeFromCard}
+								/>
 							{/each}
 						</div>
 					{/if}
@@ -180,6 +306,14 @@
 			</div>
 		{:else if currentView === "add"}
 			<AddServerForm onsubmit={handleAddServer} oncancel={handleCancel} />
+		{:else if currentView === "authorize" && pendingAuth}
+			<AuthorizeStep
+				discovery={pendingAuth.discovery}
+				serverUrl={pendingAuth.serverUrl}
+				serverId={pendingAuth.serverId}
+				onauthorized={handleAuthorized}
+				oncancel={handleAuthorizeCancel}
+			/>
 		{/if}
 	</div>
 </Modal>
diff --git a/src/lib/components/mcp/ServerCard.svelte b/src/lib/components/mcp/ServerCard.svelte
index 694cd1ee803..655623f7025 100644
--- a/src/lib/components/mcp/ServerCard.svelte
+++ b/src/lib/components/mcp/ServerCard.svelte
@@ -1,12 +1,20 @@
 <script lang="ts">
-	import type { MCPServer } from "$lib/types/Tool";
-	import { toggleServer, healthCheckServer, deleteCustomServer } from "$lib/stores/mcpServers";
+	import { onMount } from "svelte";
+	import type { MCPOAuthState, MCPServer } from "$lib/types/Tool";
+	import {
+		toggleServer,
+		healthCheckServer,
+		deleteCustomServer,
+		disconnectServerOAuth,
+	} from "$lib/stores/mcpServers";
 	import IconCheckmark from "~icons/carbon/checkmark-filled";
 	import IconWarning from "~icons/carbon/warning-filled";
 	import IconPending from "~icons/carbon/pending-filled";
 	import IconRefresh from "~icons/carbon/renew";
 	import IconTrash from "~icons/carbon/trash-can";
+	import IconLock from "~icons/carbon/locked";
 	import LucideHammer from "~icons/lucide/hammer";
+	import LucideShieldCheck from "~icons/lucide/shield-check";
 	import IconSettings from "~icons/carbon/settings";
 	import Switch from "$lib/components/Switch.svelte";
 	import { getMcpServerFaviconUrl } from "$lib/utils/favicon";
@@ -14,16 +22,64 @@
 	interface Props {
 		server: MCPServer;
 		isSelected: boolean;
+		onreauthorize?: (detail: { serverId: string; serverUrl: string; oauth: MCPOAuthState }) => void;
 	}
 
-	let { server, isSelected }: Props = $props();
+	let { server, isSelected, onreauthorize }: Props = $props();
 
 	let isLoadingHealth = $state(false);
 
+	// Reactive wall-clock tick so the `Authorized · expires in …` pill flips to
+	// `Authorization required` (and the Authorize button appears) as time passes
+	// while the modal is open. `Date.now()` alone is not a tracked reactive
+	// source in Svelte 5 — derivations that read it are frozen at first compute.
+	let now = $state(Date.now());
+	onMount(() => {
+		const id = setInterval(() => (now = Date.now()), 30_000);
+		return () => clearInterval(id);
+	});
+
 	// Show a quick-access link ONLY for the exact HF MCP login endpoint
 	import { isStrictHfMcpLogin as isStrictHfMcpLoginUrl } from "$lib/utils/hf";
 	const isHfMcp = $derived.by(() => isStrictHfMcpLoginUrl(server.url));
 
+	const oauthAuthorized = $derived(
+		Boolean(
+			server.oauth?.tokens?.access_token &&
+				(!server.oauth.tokens.expires_at || server.oauth.tokens.expires_at > now)
+		)
+	);
+	const oauthNeedsAuth = $derived(Boolean(server.oauth) && !oauthAuthorized);
+	const issuerHost = $derived.by(() => {
+		try {
+			return server.oauth?.asMetadata?.issuer ? new URL(server.oauth.asMetadata.issuer).host : "";
+		} catch {
+			return server.oauth?.asMetadata?.issuer ?? "";
+		}
+	});
+	const expiresInLabel = $derived.by(() => {
+		const exp = server.oauth?.tokens?.expires_at;
+		if (!exp) return null;
+		const ms = exp - now;
+		if (ms <= 0) return "expired";
+		if (ms < 60_000) return "expires in <1m";
+		const minutes = Math.ceil(ms / 60_000);
+		if (minutes < 60) return `expires in ${minutes}m`;
+		const hours = Math.ceil(minutes / 60);
+		if (hours < 24) return `expires in ${hours}h`;
+		const days = Math.ceil(hours / 24);
+		return `expires in ${days}d`;
+	});
+
+	function handleReauthorize() {
+		if (!server.oauth || !onreauthorize) return;
+		onreauthorize({ serverId: server.id, serverUrl: server.url, oauth: server.oauth });
+	}
+
+	async function handleDisconnect() {
+		await disconnectServerOAuth(server.id);
+	}
+
 	const statusInfo = $derived.by(() => {
 		switch (server.status) {
 			case "connected":
@@ -109,7 +165,7 @@
 
 		<!-- Status -->
 		{#if server.status}
-			<div class="mb-2 flex items-center gap-2">
+			<div class="mb-2 flex flex-wrap items-center gap-2">
 				<span
 					class="inline-flex items-center gap-1 rounded-full {statusInfo.bgColor} py-0.5 pl-1.5 pr-2 text-xs font-medium {statusInfo.color}"
 				>
@@ -125,6 +181,23 @@
 					{statusInfo.label}
 				</span>
 
+				{#if oauthAuthorized}
+					<span
+						class="inline-flex items-center gap-1 rounded-full bg-green-100 py-0.5 pl-1.5 pr-2 text-xs font-medium text-green-600 dark:bg-green-900/20 dark:text-green-400"
+						title={issuerHost ? `OAuth via ${issuerHost}` : "OAuth-authorized"}
+					>
+						<LucideShieldCheck class="size-3" />
+						Authorized{expiresInLabel ? ` · ${expiresInLabel}` : ""}
+					</span>
+				{:else if oauthNeedsAuth}
+					<span
+						class="inline-flex items-center gap-1 rounded-full bg-amber-50 py-0.5 pl-1.5 pr-2 text-xs font-medium text-amber-700 dark:bg-amber-900/20 dark:text-amber-300"
+					>
+						<IconLock class="size-3" />
+						Authorization required
+					</span>
+				{/if}
+
 				{#if server.tools && server.tools.length > 0}
 					<span class="inline-flex items-center gap-1 text-xs text-gray-600 dark:text-gray-400">
 						<LucideHammer class="size-3" />
@@ -148,6 +221,16 @@
 
 		<!-- Actions -->
 		<div class="flex flex-wrap gap-1">
+			{#if oauthNeedsAuth}
+				<button
+					onclick={handleReauthorize}
+					class="flex items-center gap-1.5 rounded-lg bg-blue-600 px-2.5 py-[.29rem] text-xs font-medium text-white hover:bg-blue-700"
+				>
+					<LucideShieldCheck class="size-3" />
+					Authorize
+				</button>
+			{/if}
+
 			<button
 				onclick={handleHealthCheck}
 				disabled={isLoadingHealth}
@@ -157,6 +240,16 @@
 				Health Check
 			</button>
 
+			{#if oauthAuthorized}
+				<button
+					onclick={handleDisconnect}
+					class="flex items-center gap-1.5 rounded-lg border border-gray-200 bg-white px-2.5 py-[.29rem] text-xs font-medium text-gray-700 hover:bg-gray-50 dark:border-gray-600 dark:bg-gray-700 dark:text-gray-300 dark:hover:bg-gray-600"
+				>
+					<IconLock class="size-3" />
+					Disconnect
+				</button>
+			{/if}
+
 			{#if isHfMcp}
 				<a
 					href="https://huggingface.co/settings/mcp"
diff --git a/src/lib/server/mcp/oauth/canonical.spec.ts b/src/lib/server/mcp/oauth/canonical.spec.ts
new file mode 100644
index 00000000000..9d42e962015
--- /dev/null
+++ b/src/lib/server/mcp/oauth/canonical.spec.ts
@@ -0,0 +1,42 @@
+import { describe, expect, it } from "vitest";
+import { canonicalizeMcpUri } from "./canonical";
+
+describe("canonicalizeMcpUri", () => {
+	it("matches RFC 8707 examples from the MCP spec", () => {
+		expect(canonicalizeMcpUri("https://mcp.example.com/mcp")).toBe("https://mcp.example.com/mcp");
+		expect(canonicalizeMcpUri("https://mcp.example.com")).toBe("https://mcp.example.com");
+		expect(canonicalizeMcpUri("https://mcp.example.com:8443")).toBe("https://mcp.example.com:8443");
+		expect(canonicalizeMcpUri("https://mcp.example.com/server/mcp")).toBe(
+			"https://mcp.example.com/server/mcp"
+		);
+	});
+
+	it("strips fragments", () => {
+		expect(canonicalizeMcpUri("https://mcp.example.com/mcp#tools")).toBe(
+			"https://mcp.example.com/mcp"
+		);
+	});
+
+	it("normalizes trailing slash on bare host", () => {
+		expect(canonicalizeMcpUri("https://mcp.example.com/")).toBe("https://mcp.example.com");
+	});
+
+	it("strips trailing slash on a path", () => {
+		expect(canonicalizeMcpUri("https://mcp.example.com/mcp/")).toBe("https://mcp.example.com/mcp");
+	});
+
+	it("lowercases scheme and host", () => {
+		expect(canonicalizeMcpUri("HTTPS://MCP.Example.COM/MCP")).toBe("https://mcp.example.com/MCP");
+	});
+
+	it("preserves query string", () => {
+		expect(canonicalizeMcpUri("https://huggingface.co/mcp?login")).toBe(
+			"https://huggingface.co/mcp?login"
+		);
+	});
+
+	it("rejects non-HTTP(S) schemes", () => {
+		expect(() => canonicalizeMcpUri("javascript:alert(1)")).toThrow();
+		expect(() => canonicalizeMcpUri("ftp://example.com")).toThrow();
+	});
+});
diff --git a/src/lib/server/mcp/oauth/canonical.ts b/src/lib/server/mcp/oauth/canonical.ts
new file mode 100644
index 00000000000..fc53233f041
--- /dev/null
+++ b/src/lib/server/mcp/oauth/canonical.ts
@@ -0,0 +1,38 @@
+/**
+ * Canonicalize an MCP server URL per RFC 8707 Section 2 / MCP Authorization spec.
+ *
+ * The canonical form:
+ *  - lowercases the scheme and host
+ *  - strips any URL fragment
+ *  - drops a single trailing slash on the path unless it is the only character
+ *    (i.e., the bare-host form `https://host` stays without a slash)
+ *  - keeps the path otherwise verbatim (path components can be semantically
+ *    significant when a single host serves multiple MCP servers)
+ *  - keeps query string verbatim (e.g., the HF login MCP uses `?login`)
+ *
+ * Throws if the input is not a valid HTTP(S) URL.
+ */
+export function canonicalizeMcpUri(input: string | URL): string {
+	const url = input instanceof URL ? new URL(input.toString()) : new URL(input);
+
+	if (url.protocol !== "https:" && url.protocol !== "http:") {
+		throw new Error(`Unsupported scheme for MCP URI: ${url.protocol}`);
+	}
+
+	url.hash = "";
+	url.protocol = url.protocol.toLowerCase();
+	url.hostname = url.hostname.toLowerCase();
+
+	if (url.pathname.length > 1 && url.pathname.endsWith("/")) {
+		url.pathname = url.pathname.replace(/\/+$/, "");
+	}
+
+	let canonical = url.toString();
+	// URL.toString() emits "https://host/" for bare-host inputs; the spec example
+	// uses "https://mcp.example.com" without the trailing slash, so strip it
+	// when there is no real path.
+	if (url.pathname === "/" && canonical.endsWith("/")) {
+		canonical = canonical.slice(0, -1);
+	}
+	return canonical;
+}
diff --git a/src/lib/server/mcp/oauth/discover.ts b/src/lib/server/mcp/oauth/discover.ts
new file mode 100644
index 00000000000..b6f29bec24f
--- /dev/null
+++ b/src/lib/server/mcp/oauth/discover.ts
@@ -0,0 +1,168 @@
+import {
+	discoverAuthorizationServerMetadata,
+	discoverOAuthProtectedResourceMetadata,
+	extractWWWAuthenticateParams,
+	registerClient,
+} from "@modelcontextprotocol/sdk/client/auth.js";
+import type {
+	AuthorizationServerMetadata,
+	OAuthClientInformationFull,
+	OAuthProtectedResourceMetadata,
+} from "@modelcontextprotocol/sdk/shared/auth.js";
+import { isValidUrl, ssrfSafeFetch } from "$lib/server/urlSafety";
+import { logger } from "$lib/server/logger";
+import { canonicalizeMcpUri } from "./canonical";
+
+export interface DiscoveryResult {
+	requiresAuth: boolean;
+	// Set when requiresAuth=true
+	resource?: string;
+	resourceMetadataUrl?: string;
+	resourceMetadata?: OAuthProtectedResourceMetadata;
+	asMetadata?: AuthorizationServerMetadata;
+	clientInfo?: OAuthClientInformationFull;
+	supportsDcr?: boolean;
+	// Set when requiresAuth=false but the probe succeeded; informational.
+	probeStatus?: number;
+}
+
+const PROBE_TIMEOUT_MS = 15_000;
+const PROTOCOL_VERSION = "2025-06-18";
+
+const probeBody = JSON.stringify({
+	jsonrpc: "2.0",
+	id: "chat-ui-mcp-probe",
+	method: "initialize",
+	params: {
+		protocolVersion: PROTOCOL_VERSION,
+		capabilities: {},
+		clientInfo: { name: "chat-ui-mcp-probe", version: "0.1.0" },
+	},
+});
+
+async function probeMcpServer(url: string, signal: AbortSignal): Promise<Response> {
+	return ssrfSafeFetch(url, {
+		method: "POST",
+		signal,
+		headers: {
+			"Content-Type": "application/json",
+			Accept: "application/json, text/event-stream",
+			"MCP-Protocol-Version": PROTOCOL_VERSION,
+		},
+		body: probeBody,
+	});
+}
+
+/**
+ * Walk the MCP authorization discovery dance from a server URL:
+ *
+ *   1. Probe the MCP server with an `initialize` request (no auth).
+ *   2. If we get a 401, parse the `WWW-Authenticate` header for the RFC 9728
+ *      `resource_metadata` URL.
+ *   3. Fetch the Protected Resource Metadata (RFC 9728) and pick the first
+ *      `authorization_servers[]` entry.
+ *   4. Fetch the Authorization Server Metadata (RFC 8414, with OIDC fallback).
+ *   5. If the AS exposes `registration_endpoint`, do RFC 7591 Dynamic Client
+ *      Registration so the user doesn't have to paste a client ID.
+ *
+ * Throws on hard failures (network errors, unparseable metadata). Returns
+ * `requiresAuth: false` if the probe succeeded with 2xx — meaning the server
+ * does not need auth.
+ */
+export async function discoverServerOAuth(
+	serverUrl: string,
+	options: { redirectUri: string; appName: string }
+): Promise<DiscoveryResult> {
+	if (!isValidUrl(serverUrl)) {
+		throw new Error("Server URL is not a public HTTPS URL");
+	}
+
+	const controller = new AbortController();
+	const timeout = setTimeout(() => controller.abort(), PROBE_TIMEOUT_MS);
+
+	let probe: Response;
+	try {
+		probe = await probeMcpServer(serverUrl, controller.signal);
+	} finally {
+		clearTimeout(timeout);
+	}
+
+	if (probe.status !== 401 && probe.status !== 403) {
+		// Drain body to free socket
+		try {
+			await probe.body?.cancel();
+		} catch {}
+		return { requiresAuth: false, probeStatus: probe.status };
+	}
+
+	const { resourceMetadataUrl } = extractWWWAuthenticateParams(probe);
+	try {
+		await probe.body?.cancel();
+	} catch {}
+
+	const resource = canonicalizeMcpUri(serverUrl);
+
+	const resourceMetadata = await discoverOAuthProtectedResourceMetadata(
+		serverUrl,
+		resourceMetadataUrl ? { resourceMetadataUrl } : undefined,
+		ssrfSafeFetch as unknown as typeof fetch
+	);
+
+	const asUrl = resourceMetadata.authorization_servers?.[0];
+	if (!asUrl) {
+		throw new Error(
+			"MCP server's protected-resource metadata does not list any authorization_servers"
+		);
+	}
+
+	const asMetadata = await discoverAuthorizationServerMetadata(asUrl, {
+		fetchFn: ssrfSafeFetch as unknown as typeof fetch,
+		protocolVersion: PROTOCOL_VERSION,
+	});
+	if (!asMetadata) {
+		throw new Error(`Could not load authorization server metadata for ${asUrl}`);
+	}
+
+	let clientInfo: OAuthClientInformationFull | undefined;
+	const supportsDcr = Boolean(asMetadata.registration_endpoint);
+	if (supportsDcr) {
+		try {
+			const hostname = (() => {
+				try {
+					return new URL(serverUrl).hostname;
+				} catch {
+					return serverUrl;
+				}
+			})();
+			clientInfo = await registerClient(asUrl, {
+				metadata: asMetadata,
+				clientMetadata: {
+					redirect_uris: [options.redirectUri],
+					token_endpoint_auth_method: "none",
+					grant_types: ["authorization_code", "refresh_token"],
+					response_types: ["code"],
+					client_name: `${options.appName} – ${hostname}`,
+					scope: asMetadata.scopes_supported?.join(" "),
+					logo_uri: undefined,
+					tos_uri: undefined,
+				},
+				fetchFn: ssrfSafeFetch as unknown as typeof fetch,
+			});
+		} catch (err) {
+			logger.warn(
+				{ err: String(err), asUrl: asUrl.toString() },
+				"[mcp-oauth] dynamic client registration failed; falling back to manual entry"
+			);
+		}
+	}
+
+	return {
+		requiresAuth: true,
+		resource,
+		resourceMetadataUrl: resourceMetadataUrl?.toString(),
+		resourceMetadata,
+		asMetadata,
+		clientInfo,
+		supportsDcr,
+	};
+}
diff --git a/src/lib/server/mcp/oauth/exchange.ts b/src/lib/server/mcp/oauth/exchange.ts
new file mode 100644
index 00000000000..f63d0630daa
--- /dev/null
+++ b/src/lib/server/mcp/oauth/exchange.ts
@@ -0,0 +1,110 @@
+import {
+	exchangeAuthorization,
+	refreshAuthorization,
+	startAuthorization,
+} from "@modelcontextprotocol/sdk/client/auth.js";
+import type {
+	AuthorizationServerMetadata,
+	OAuthClientInformationFull,
+	OAuthTokens,
+} from "@modelcontextprotocol/sdk/shared/auth.js";
+import { ssrfSafeFetch } from "$lib/server/urlSafety";
+
+export async function buildAuthorizationUrl(args: {
+	asMetadata: AuthorizationServerMetadata;
+	clientInfo: OAuthClientInformationFull;
+	redirectUri: string;
+	resource: string;
+	state: string;
+	scope?: string;
+}): Promise<{ authorizationUrl: URL; codeVerifier: string }> {
+	return startAuthorization(args.asMetadata.issuer, {
+		metadata: args.asMetadata,
+		clientInformation: args.clientInfo,
+		redirectUrl: args.redirectUri,
+		state: args.state,
+		scope: args.scope ?? args.asMetadata.scopes_supported?.join(" "),
+		resource: new URL(args.resource),
+	});
+}
+
+export async function exchangeCodeForTokens(args: {
+	asMetadata: AuthorizationServerMetadata;
+	clientInfo: OAuthClientInformationFull;
+	redirectUri: string;
+	resource: string;
+	code: string;
+	codeVerifier: string;
+}): Promise<OAuthTokens> {
+	return exchangeAuthorization(args.asMetadata.issuer, {
+		metadata: args.asMetadata,
+		clientInformation: args.clientInfo,
+		authorizationCode: args.code,
+		codeVerifier: args.codeVerifier,
+		redirectUri: args.redirectUri,
+		resource: new URL(args.resource),
+		fetchFn: ssrfSafeFetch as unknown as typeof fetch,
+	});
+}
+
+export async function refreshTokens(args: {
+	asMetadata: AuthorizationServerMetadata;
+	clientInfo: OAuthClientInformationFull;
+	resource: string;
+	refreshToken: string;
+}): Promise<OAuthTokens> {
+	return refreshAuthorization(args.asMetadata.issuer, {
+		metadata: args.asMetadata,
+		clientInformation: args.clientInfo,
+		refreshToken: args.refreshToken,
+		resource: new URL(args.resource),
+		fetchFn: ssrfSafeFetch as unknown as typeof fetch,
+	});
+}
+
+/**
+ * Best-effort RFC 7009 token revocation. Returns `true` if the AS confirmed
+ * revocation, `false` if it doesn't expose `revocation_endpoint` or returns an
+ * error. Never throws — disconnect should never block on the AS.
+ */
+export async function tryRevokeToken(args: {
+	asMetadata: AuthorizationServerMetadata;
+	clientInfo: OAuthClientInformationFull;
+	token: string;
+	tokenTypeHint?: "access_token" | "refresh_token";
+}): Promise<boolean> {
+	const endpoint = (args.asMetadata as unknown as Record<string, unknown>).revocation_endpoint;
+	if (!endpoint || typeof endpoint !== "string") return false;
+
+	const body = new URLSearchParams();
+	body.set("token", args.token);
+	if (args.tokenTypeHint) body.set("token_type_hint", args.tokenTypeHint);
+	body.set("client_id", args.clientInfo.client_id);
+	if (args.clientInfo.client_secret) {
+		body.set("client_secret", args.clientInfo.client_secret);
+	}
+
+	try {
+		const res = await ssrfSafeFetch(endpoint, {
+			method: "POST",
+			headers: {
+				"Content-Type": "application/x-www-form-urlencoded",
+				Accept: "application/json",
+			},
+			body,
+		});
+		try {
+			await res.body?.cancel();
+		} catch {}
+		return res.ok;
+	} catch {
+		return false;
+	}
+}
+
+export function tokensWithExpiresAt(tokens: OAuthTokens): OAuthTokens & { expires_at?: number } {
+	if (typeof tokens.expires_in === "number" && tokens.expires_in > 0) {
+		return { ...tokens, expires_at: Date.now() + tokens.expires_in * 1000 };
+	}
+	return { ...tokens };
+}
diff --git a/src/lib/server/mcp/oauth/state.spec.ts b/src/lib/server/mcp/oauth/state.spec.ts
new file mode 100644
index 00000000000..b239f268249
--- /dev/null
+++ b/src/lib/server/mcp/oauth/state.spec.ts
@@ -0,0 +1,69 @@
+import { describe, expect, it } from "vitest";
+import {
+	FLOW_TTL_MS,
+	newFlowId,
+	signFlowCookie,
+	verifyFlowCookie,
+	type OAuthFlowState,
+} from "./state";
+
+function makeState(overrides: Partial<OAuthFlowState> = {}): OAuthFlowState {
+	return {
+		flowId: newFlowId(),
+		verifier: "abcdef-pkce-verifier",
+		expectedState: "state-xyz",
+		asMetadata: {
+			issuer: "https://example.com",
+			authorization_endpoint: "https://example.com/authorize",
+			token_endpoint: "https://example.com/token",
+		},
+		clientInfo: {
+			client_id: "client123",
+			redirect_uris: ["https://chat.example/api/mcp/oauth/callback"],
+		},
+		resource: "https://mcp.example.com",
+		redirectUri: "https://chat.example/api/mcp/oauth/callback",
+		popupMode: true,
+		expiresAt: Date.now() + FLOW_TTL_MS,
+		...overrides,
+	};
+}
+
+describe("OAuth flow cookie", () => {
+	it("round-trips a valid state", () => {
+		const state = makeState();
+		const cookie = signFlowCookie(state);
+		const out = verifyFlowCookie(cookie);
+		if (!out) throw new Error("expected verifyFlowCookie to return a payload");
+		expect(out.flowId).toBe(state.flowId);
+		expect(out.verifier).toBe(state.verifier);
+		expect(out.expectedState).toBe(state.expectedState);
+		expect(out.resource).toBe(state.resource);
+	});
+
+	it("rejects a tampered payload", () => {
+		const cookie = signFlowCookie(makeState());
+		const sig = cookie.slice(cookie.lastIndexOf(".") + 1);
+		// Re-encode a different payload but keep the original signature.
+		const tampered = Buffer.from('{"flowId":"x"}', "utf8").toString("base64url");
+		expect(verifyFlowCookie(`${tampered}.${sig}`)).toBeNull();
+	});
+
+	it("rejects a tampered signature", () => {
+		const cookie = signFlowCookie(makeState());
+		const payload = cookie.slice(0, cookie.lastIndexOf("."));
+		expect(verifyFlowCookie(`${payload}.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA`)).toBeNull();
+	});
+
+	it("rejects expired state", () => {
+		const expired = signFlowCookie(makeState({ expiresAt: Date.now() - 1 }));
+		expect(verifyFlowCookie(expired)).toBeNull();
+	});
+
+	it("rejects empty / malformed input", () => {
+		expect(verifyFlowCookie(undefined)).toBeNull();
+		expect(verifyFlowCookie("")).toBeNull();
+		expect(verifyFlowCookie("not-a-cookie")).toBeNull();
+		expect(verifyFlowCookie("missing.signature.parts")).toBeNull();
+	});
+});
diff --git a/src/lib/server/mcp/oauth/state.ts b/src/lib/server/mcp/oauth/state.ts
new file mode 100644
index 00000000000..a4b370903f5
--- /dev/null
+++ b/src/lib/server/mcp/oauth/state.ts
@@ -0,0 +1,83 @@
+import { createHmac, randomUUID, timingSafeEqual } from "crypto";
+import { config } from "$lib/server/config";
+
+/**
+ * Per-flow state we keep for the duration of an OAuth dance. It lives in an
+ * HttpOnly cookie keyed by `flowId`, so it survives the popup -> AS -> callback
+ * round-trip without being exposed to JS in the chat-ui origin (mitigates the
+ * impact of XSS during the window the verifier is alive). The cookie is
+ * deleted by the callback handler as soon as it has been consumed, regardless
+ * of whether the exchange succeeded.
+ */
+export interface OAuthFlowState {
+	flowId: string;
+	verifier: string;
+	expectedState: string;
+	asMetadata: import("$lib/types/Tool").MCPAuthorizationServerMetadata;
+	clientInfo: import("$lib/types/Tool").MCPClientInformation;
+	resource: string;
+	redirectUri: string;
+	popupMode: boolean;
+	redirectNext?: string;
+	expiresAt: number;
+}
+
+const HMAC_SECRET_FALLBACK = "mcp-oauth-flow";
+
+function hmacSecret(): string {
+	const secret =
+		(config as unknown as { OPENID_CLIENT_SECRET?: string }).OPENID_CLIENT_SECRET ||
+		(config as unknown as { COOKIE_SECRET?: string }).COOKIE_SECRET ||
+		"";
+	return secret.length > 0 ? secret : HMAC_SECRET_FALLBACK;
+}
+
+function sign(payload: string): string {
+	return createHmac("sha256", hmacSecret()).update(payload).digest("base64url");
+}
+
+export function newFlowId(): string {
+	return randomUUID();
+}
+
+export function signFlowCookie(state: OAuthFlowState): string {
+	const json = JSON.stringify(state);
+	const payload = Buffer.from(json, "utf8").toString("base64url");
+	const sig = sign(payload);
+	return `${payload}.${sig}`;
+}
+
+export function verifyFlowCookie(value: string | undefined): OAuthFlowState | null {
+	if (!value || typeof value !== "string") return null;
+	const dot = value.lastIndexOf(".");
+	if (dot < 0) return null;
+	const payload = value.slice(0, dot);
+	const sig = value.slice(dot + 1);
+
+	const expected = sign(payload);
+	const a = Buffer.from(expected);
+	const b = Buffer.from(sig);
+	if (a.length !== b.length || !timingSafeEqual(a, b)) return null;
+
+	let parsed: OAuthFlowState;
+	try {
+		parsed = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
+	} catch {
+		return null;
+	}
+
+	if (typeof parsed.expiresAt !== "number" || Date.now() > parsed.expiresAt) {
+		return null;
+	}
+	if (
+		typeof parsed.flowId !== "string" ||
+		typeof parsed.verifier !== "string" ||
+		typeof parsed.expectedState !== "string"
+	) {
+		return null;
+	}
+	return parsed;
+}
+
+export const FLOW_COOKIE_NAME = "hfChat-mcp-oauth-flow";
+export const FLOW_TTL_MS = 10 * 60 * 1000; // 10 minutes
diff --git a/src/lib/stores/mcpServers.ts b/src/lib/stores/mcpServers.ts
index 8ce5f38ff65..f43ac0b1c86 100644
--- a/src/lib/stores/mcpServers.ts
+++ b/src/lib/stores/mcpServers.ts
@@ -8,7 +8,20 @@ import { writable, derived, get } from "svelte/store";
 import { base } from "$app/paths";
 import { env as publicEnv } from "$env/dynamic/public";
 import { browser } from "$app/environment";
-import type { MCPServer, ServerStatus, MCPTool } from "$lib/types/Tool";
+import type {
+	KeyValuePair,
+	MCPOAuthState,
+	MCPOAuthTokens,
+	MCPServer,
+	ServerStatus,
+	MCPTool,
+} from "$lib/types/Tool";
+import {
+	isTokenExpiringSoon,
+	OAuthRefreshRejectedError,
+	refreshAccessToken,
+	revokeAccessToken,
+} from "$lib/utils/mcpOAuth";
 
 // Namespace storage by app identity to avoid collisions across apps
 function toKeyPart(s: string | undefined): string {
@@ -308,6 +321,152 @@ export function updateServerStatus(
 	);
 }
 
+/**
+ * Build the headers we should actually send when talking to this server. Merges
+ * any user-entered manual headers with an `Authorization: Bearer …` overlay
+ * from `oauth.tokens` if present. Manual headers always win on conflict.
+ */
+export function effectiveServerHeaders(server: MCPServer): KeyValuePair[] {
+	const out: KeyValuePair[] = [];
+	const seen = new Set<string>();
+	for (const h of server.headers ?? []) {
+		out.push(h);
+		seen.add(h.key.toLowerCase());
+	}
+	const access = server.oauth?.tokens?.access_token;
+	if (access && !seen.has("authorization")) {
+		out.push({ key: "Authorization", value: `Bearer ${access}` });
+	}
+	return out;
+}
+
+/**
+ * Set / replace the full OAuth state on a custom server (e.g., after the
+ * Authorize popup flow completes successfully).
+ */
+export function setServerOAuth(id: string, oauth: MCPOAuthState) {
+	allMcpServers.update(($servers) =>
+		$servers.map((s) => (s.id === id ? { ...s, oauth, authRequired: !oauth.tokens } : s))
+	);
+	persistCustomServers();
+}
+
+/**
+ * Replace just the tokens (e.g., after a refresh or a postMessage from the
+ * popup). Preserves the OAuth metadata snapshot so subsequent refreshes still
+ * work without re-discovery.
+ */
+export function setServerTokens(id: string, tokens: MCPOAuthTokens) {
+	allMcpServers.update(($servers) =>
+		$servers.map((s) => {
+			if (s.id !== id || !s.oauth) return s;
+			return {
+				...s,
+				oauth: { ...s.oauth, tokens },
+				authRequired: false,
+			};
+		})
+	);
+	persistCustomServers();
+}
+
+/**
+ * Clear tokens (e.g., on Disconnect). Keeps the rest of the OAuth state so a
+ * one-click re-authorize still works.
+ */
+export function clearServerTokens(id: string) {
+	allMcpServers.update(($servers) =>
+		$servers.map((s) => {
+			if (s.id !== id || !s.oauth) return s;
+			const next = { ...s.oauth };
+			delete next.tokens;
+			return { ...s, oauth: next, authRequired: true };
+		})
+	);
+	persistCustomServers();
+}
+
+/**
+ * Best-effort RFC 7009 revoke + clear. Returns whether the AS confirmed
+ * revocation (false is fine — local state is cleared either way).
+ */
+export async function disconnectServerOAuth(id: string): Promise<boolean> {
+	const server = get(allMcpServers).find((s) => s.id === id);
+	if (!server?.oauth) return false;
+	const { asMetadata, clientInfo, tokens } = server.oauth;
+	clearServerTokens(id);
+	if (!tokens) return false;
+	const tokenToRevoke = tokens.refresh_token ?? tokens.access_token;
+	if (!tokenToRevoke) return false;
+	return revokeAccessToken({
+		asMetadata,
+		clientInfo,
+		token: tokenToRevoke,
+		tokenTypeHint: tokens.refresh_token ? "refresh_token" : "access_token",
+	});
+}
+
+/**
+ * Refresh tokens for a single server if they're expiring soon and we have a
+ * refresh_token. Updates store + localStorage in place. Returns the (possibly
+ * updated) server entry. Throws on hard refresh failure so callers can
+ * surface a "Reconnect" prompt.
+ */
+export async function refreshServerTokensIfNeeded(serverId: string): Promise<MCPServer | null> {
+	const server = get(allMcpServers).find((s) => s.id === serverId);
+	if (!server?.oauth?.tokens) return server ?? null;
+	const { tokens, asMetadata, clientInfo, resource } = server.oauth;
+	if (!tokens.refresh_token) return server;
+	if (!isTokenExpiringSoon(tokens)) return server;
+	let fresh: MCPOAuthTokens;
+	try {
+		fresh = await refreshAccessToken({
+			asMetadata,
+			clientInfo,
+			resource,
+			refreshToken: tokens.refresh_token,
+		});
+	} catch (e) {
+		// Only wipe tokens for definite AS-side rejections (revoked / rotated /
+		// invalid_grant). Transport-layer failures (offline, 5xx, timeout) leave
+		// the refresh_token presumed-valid; preserve it so the next refresh
+		// window can retry instead of silently logging the user out on a
+		// network blip.
+		if (e instanceof OAuthRefreshRejectedError) {
+			clearServerTokens(serverId);
+		}
+		throw e;
+	}
+	// AS may not rotate the refresh_token; preserve the old one if missing.
+	const next: MCPOAuthTokens = {
+		...fresh,
+		refresh_token: fresh.refresh_token ?? tokens.refresh_token,
+	};
+	setServerTokens(serverId, next);
+	return get(allMcpServers).find((s) => s.id === serverId) ?? null;
+}
+
+/**
+ * Refresh every enabled server with an OAuth refresh_token that is expiring
+ * soon. Errors per-server are swallowed (the chat send proceeds; if the server
+ * really is broken, the chat-side 401 path will surface "Reconnect"). Should
+ * be awaited before building the FormData payload for the chat request.
+ */
+export async function refreshAllExpiredTokens(): Promise<void> {
+	const servers = get(enabledServers);
+	const ids = servers
+		.filter((s) => s.oauth?.tokens?.refresh_token && isTokenExpiringSoon(s.oauth.tokens))
+		.map((s) => s.id);
+	if (ids.length === 0) return;
+	await Promise.allSettled(ids.map((id) => refreshServerTokensIfNeeded(id)));
+}
+
+function persistCustomServers() {
+	const all = get(allMcpServers);
+	const customs = all.filter((s) => s.type === "custom");
+	saveCustomServers(customs);
+}
+
 /**
  * Run health check on a server
  */
@@ -320,7 +479,10 @@ export async function healthCheckServer(
 		const response = await fetch(`${base}/api/mcp/health`, {
 			method: "POST",
 			headers: { "Content-Type": "application/json" },
-			body: JSON.stringify({ url: server.url, headers: server.headers }),
+			body: JSON.stringify({
+				url: server.url,
+				headers: effectiveServerHeaders(server),
+			}),
 		});
 
 		const result = await response.json();
@@ -339,7 +501,29 @@ export async function healthCheckServer(
 	}
 }
 
+/**
+ * After a full-page redirect OAuth flow returns, consume any handoff payload
+ * from the URL hash and apply it to the corresponding server entry.
+ */
+async function consumeOAuthRedirectIfAny() {
+	if (!browser) return;
+	const { consumeRedirectHandoff } = await import("$lib/utils/mcpOAuth");
+	const result = consumeRedirectHandoff();
+	if (!result) return;
+	const { payload, serverId } = result;
+	if (!payload.ok || !payload.tokens) return;
+	setServerTokens(serverId, payload.tokens);
+	// Mirror the popup path's behavior: auto-enable a freshly-authorized server
+	// so its tools ship with the next chat without the user having to flip the
+	// switch on the card.
+	if (!get(selectedServerIds).has(serverId)) {
+		toggleServer(serverId);
+	}
+}
+
 // Initialize on module load
 if (browser) {
-	refreshMcpServers();
+	refreshMcpServers().then(() => {
+		consumeOAuthRedirectIfAny();
+	});
 }
diff --git a/src/lib/types/Tool.ts b/src/lib/types/Tool.ts
index e2172e17ce0..209a18593e1 100644
--- a/src/lib/types/Tool.ts
+++ b/src/lib/types/Tool.ts
@@ -53,6 +53,54 @@ export interface MCPTool {
 	inputSchema?: unknown;
 }
 
+// OAuth tokens stored alongside an MCP custom server. Uses the same shape as
+// the SDK's OAuthTokens response (RFC 6749), with an absolute `expires_at`
+// computed from `expires_in` at issuance time so the client can decide when to
+// refresh without trusting a relative-time field across page reloads.
+export interface MCPOAuthTokens {
+	access_token: string;
+	token_type: string;
+	refresh_token?: string;
+	scope?: string;
+	expires_at?: number;
+	id_token?: string;
+}
+
+// Snapshot of the discovery + DCR results so we can refresh tokens or
+// reconnect later without re-walking the WWW-Authenticate dance every time.
+// Schemas mirror @modelcontextprotocol/sdk/shared/auth (RFC 8414, RFC 7591),
+// kept loose here so we don't pull SDK Zod types into the public client bundle.
+export interface MCPAuthorizationServerMetadata {
+	issuer: string;
+	authorization_endpoint: string;
+	token_endpoint: string;
+	registration_endpoint?: string;
+	revocation_endpoint?: string;
+	scopes_supported?: string[];
+	code_challenge_methods_supported?: string[];
+	grant_types_supported?: string[];
+	token_endpoint_auth_methods_supported?: string[];
+	[key: string]: unknown;
+}
+
+export interface MCPClientInformation {
+	client_id: string;
+	client_secret?: string;
+	redirect_uris: string[];
+	client_id_issued_at?: number;
+	client_secret_expires_at?: number;
+	[key: string]: unknown;
+}
+
+export interface MCPOAuthState {
+	resource: string;
+	asMetadata: MCPAuthorizationServerMetadata;
+	resourceMetadataUrl?: string;
+	clientInfo: MCPClientInformation;
+	clientWasManuallyEntered?: boolean;
+	tokens?: MCPOAuthTokens;
+}
+
 export interface MCPServer {
 	id: string;
 	name: string;
@@ -66,6 +114,10 @@ export interface MCPServer {
 	errorMessage?: string;
 	// Indicates server reports or appears to require OAuth or other auth
 	authRequired?: boolean;
+	// Populated once the server is recognized as OAuth-protected. `oauth.tokens`
+	// being set means the server is authorized; absence means it still needs the
+	// "Authorize" step.
+	oauth?: MCPOAuthState;
 }
 
 export interface MCPServerApi {
diff --git a/src/lib/utils/mcpOAuth.ts b/src/lib/utils/mcpOAuth.ts
new file mode 100644
index 00000000000..c9e4acb3ba0
--- /dev/null
+++ b/src/lib/utils/mcpOAuth.ts
@@ -0,0 +1,296 @@
+/**
+ * Client-side OAuth helpers for MCP servers.
+ *
+ * The dance is server-orchestrated (because most authorization-server endpoints
+ * lack CORS), but tokens land in the browser via either:
+ *  - a popup window that postMessages back to the opener, or
+ *  - a full-page redirect that drops a base64 handoff blob in `location.hash`
+ *    on return.
+ *
+ * The browser then persists tokens alongside the custom MCP server entry in
+ * localStorage (see `mcpServers.ts`).
+ */
+
+import { base } from "$app/paths";
+import type {
+	MCPAuthorizationServerMetadata,
+	MCPClientInformation,
+	MCPOAuthTokens,
+} from "$lib/types/Tool";
+
+export interface DiscoveryResponse {
+	requiresAuth: boolean;
+	resource?: string;
+	resourceMetadataUrl?: string;
+	asMetadata?: MCPAuthorizationServerMetadata;
+	clientInfo?: MCPClientInformation;
+	supportsDcr?: boolean;
+	probeStatus?: number;
+}
+
+export interface OAuthCallbackPayload {
+	ok: boolean;
+	flowId: string;
+	tokens?: MCPOAuthTokens;
+	resource?: string;
+	error?: string;
+}
+
+const POPUP_FEATURES = "popup=yes,width=600,height=750,noopener=no,noreferrer=no";
+
+export async function discoverServer(url: string): Promise<DiscoveryResponse> {
+	const res = await fetch(`${base}/api/mcp/oauth/discover`, {
+		method: "POST",
+		headers: { "Content-Type": "application/json" },
+		body: JSON.stringify({ url }),
+	});
+	if (!res.ok) {
+		const text = await res.text().catch(() => "");
+		throw new Error(text || `Discovery failed (${res.status})`);
+	}
+	return (await res.json()) as DiscoveryResponse;
+}
+
+export async function startAuthFlow(args: {
+	resource: string;
+	asMetadata: MCPAuthorizationServerMetadata;
+	clientInfo: MCPClientInformation;
+	popupMode: boolean;
+	redirectNext?: string;
+	scope?: string;
+}): Promise<{ authUrl: string; flowId: string }> {
+	const res = await fetch(`${base}/api/mcp/oauth/start`, {
+		method: "POST",
+		headers: { "Content-Type": "application/json" },
+		body: JSON.stringify(args),
+	});
+	if (!res.ok) {
+		const text = await res.text().catch(() => "");
+		throw new Error(text || `Failed to start authorization (${res.status})`);
+	}
+	return (await res.json()) as { authUrl: string; flowId: string };
+}
+
+/**
+ * Thrown when the authorization server itself rejected the refresh_token
+ * (RFC 6749 `invalid_grant` / revoked / rotated). The caller should wipe the
+ * stored tokens and prompt the user to re-authorize. Distinct from generic
+ * `Error`s, which represent transport-layer failures (offline, 5xx, timeout)
+ * where the refresh_token is presumed still valid and tokens should be kept.
+ */
+export class OAuthRefreshRejectedError extends Error {
+	constructor(message: string) {
+		super(message);
+		this.name = "OAuthRefreshRejectedError";
+	}
+}
+
+export async function refreshAccessToken(args: {
+	asMetadata: MCPAuthorizationServerMetadata;
+	clientInfo: MCPClientInformation;
+	resource: string;
+	refreshToken: string;
+}): Promise<MCPOAuthTokens> {
+	const res = await fetch(`${base}/api/mcp/oauth/refresh`, {
+		method: "POST",
+		headers: { "Content-Type": "application/json" },
+		body: JSON.stringify({
+			asMetadata: args.asMetadata,
+			clientInfo: args.clientInfo,
+			resource: args.resource,
+			refresh_token: args.refreshToken,
+		}),
+	});
+	if (!res.ok) {
+		const text = await res.text().catch(() => "");
+		const message = text || `Refresh failed (${res.status})`;
+		// 401 from /api/mcp/oauth/refresh means the AS rejected the refresh_token.
+		// Anything else (502 transport / 5xx) is treated as transient by callers.
+		if (res.status === 401) throw new OAuthRefreshRejectedError(message);
+		throw new Error(message);
+	}
+	const body = (await res.json()) as { tokens: MCPOAuthTokens };
+	return body.tokens;
+}
+
+export async function revokeAccessToken(args: {
+	asMetadata: MCPAuthorizationServerMetadata;
+	clientInfo: MCPClientInformation;
+	token: string;
+	tokenTypeHint?: "access_token" | "refresh_token";
+}): Promise<boolean> {
+	try {
+		const res = await fetch(`${base}/api/mcp/oauth/revoke`, {
+			method: "POST",
+			headers: { "Content-Type": "application/json" },
+			body: JSON.stringify({
+				asMetadata: args.asMetadata,
+				clientInfo: args.clientInfo,
+				token: args.token,
+				token_type_hint: args.tokenTypeHint,
+			}),
+		});
+		if (!res.ok) return false;
+		const body = (await res.json()) as { revoked: boolean };
+		return Boolean(body.revoked);
+	} catch {
+		return false;
+	}
+}
+
+/**
+ * Opens an OAuth popup and resolves with the postMessage payload from our
+ * callback page. Rejects if the user closes the popup before a result arrives,
+ * or if the popup never opens (popup-blocked / mobile). Caller can then fall
+ * back to `runFullPageAuthFlow`.
+ */
+export function openAuthPopup(authUrl: string, flowId: string): Promise<OAuthCallbackPayload> {
+	return new Promise((resolve, reject) => {
+		let popup: Window | null;
+		try {
+			popup = window.open(authUrl, "mcp-oauth", POPUP_FEATURES);
+		} catch {
+			reject(new Error("popup-blocked"));
+			return;
+		}
+		if (!popup) {
+			reject(new Error("popup-blocked"));
+			return;
+		}
+
+		let settled = false;
+		const targetOrigin = window.location.origin;
+
+		const cleanup = () => {
+			window.removeEventListener("message", onMessage);
+			clearInterval(pollHandle);
+		};
+
+		const onMessage = (event: MessageEvent) => {
+			if (event.origin !== targetOrigin) return;
+			const data = event.data as { type?: string; payload?: OAuthCallbackPayload } | null;
+			if (!data || data.type !== "mcp-oauth-result" || !data.payload) return;
+			if (data.payload.flowId && data.payload.flowId !== flowId) return;
+			if (settled) return;
+			settled = true;
+			cleanup();
+			try {
+				popup?.close();
+			} catch {}
+			resolve(data.payload);
+		};
+
+		const pollHandle = window.setInterval(() => {
+			if (popup && popup.closed && !settled) {
+				settled = true;
+				cleanup();
+				reject(new Error("popup-closed"));
+			}
+		}, 500);
+
+		window.addEventListener("message", onMessage);
+
+		// Hard timeout in case nothing ever happens (e.g. AS hangs)
+		window.setTimeout(
+			() => {
+				if (settled) return;
+				settled = true;
+				cleanup();
+				try {
+					popup?.close();
+				} catch {}
+				reject(new Error("timeout"));
+			},
+			10 * 60 * 1000
+		);
+	});
+}
+
+/**
+ * Mobile / popup-blocked fallback. Stashes the in-flight flow context in
+ * sessionStorage keyed by flowId, then navigates the main tab to `authUrl`.
+ * On return, `consumeRedirectHandoff()` picks up the result from the URL hash.
+ */
+export function runFullPageAuthFlow(args: { authUrl: string; flowId: string; serverId: string }) {
+	const pending = {
+		flowId: args.flowId,
+		serverId: args.serverId,
+		startedAt: Date.now(),
+	};
+	try {
+		sessionStorage.setItem(SESSION_KEY_PENDING, JSON.stringify(pending));
+	} catch {}
+	window.location.href = args.authUrl;
+}
+
+const SESSION_KEY_PENDING = "mcp-oauth:pending";
+
+export interface PendingFullPage {
+	flowId: string;
+	serverId: string;
+	startedAt: number;
+}
+
+export function readPendingFullPage(): PendingFullPage | null {
+	try {
+		const raw = sessionStorage.getItem(SESSION_KEY_PENDING);
+		if (!raw) return null;
+		return JSON.parse(raw) as PendingFullPage;
+	} catch {
+		return null;
+	}
+}
+
+export function clearPendingFullPage() {
+	try {
+		sessionStorage.removeItem(SESSION_KEY_PENDING);
+	} catch {}
+}
+
+/**
+ * On page load, look for a `__mcp_oauth_handoff=` fragment in the URL hash.
+ * If present, decode it, scrub it from the URL, and return the payload along
+ * with any pending serverId we stashed before redirecting.
+ */
+export function consumeRedirectHandoff(): {
+	payload: OAuthCallbackPayload;
+	serverId: string;
+} | null {
+	if (typeof window === "undefined") return null;
+	const hash = window.location.hash;
+	const m = hash.match(/[#&]__mcp_oauth_handoff=([^&]+)/);
+	if (!m) return null;
+
+	let payload: OAuthCallbackPayload;
+	try {
+		const json = atob(m[1].replace(/-/g, "+").replace(/_/g, "/"));
+		payload = JSON.parse(json) as OAuthCallbackPayload;
+	} catch {
+		return null;
+	}
+
+	const newHash = hash
+		.replace(/(^|[#&])__mcp_oauth_handoff=[^&]+/, "$1")
+		.replace(/^#&/, "#")
+		.replace(/^#$/, "");
+	try {
+		const newUrl = window.location.pathname + window.location.search + (newHash || "");
+		window.history.replaceState({}, "", newUrl);
+	} catch {}
+
+	const pending = readPendingFullPage();
+	clearPendingFullPage();
+	if (!pending) return null;
+	if (payload.flowId && pending.flowId !== payload.flowId) return null;
+	return { payload, serverId: pending.serverId };
+}
+
+export function isTokenExpiringSoon(tokens: MCPOAuthTokens, marginMs = 5 * 60 * 1000): boolean {
+	if (!tokens.expires_at) return false;
+	return Date.now() + marginMs >= tokens.expires_at;
+}
+
+export function isTokenExpired(tokens: MCPOAuthTokens): boolean {
+	if (!tokens.expires_at) return false;
+	return Date.now() >= tokens.expires_at;
+}
diff --git a/src/routes/api/mcp/oauth/callback/+server.ts b/src/routes/api/mcp/oauth/callback/+server.ts
new file mode 100644
index 00000000000..73d944f861a
--- /dev/null
+++ b/src/routes/api/mcp/oauth/callback/+server.ts
@@ -0,0 +1,239 @@
+import { base } from "$app/paths";
+import type { RequestHandler } from "./$types";
+import { logger } from "$lib/server/logger";
+import { exchangeCodeForTokens, tokensWithExpiresAt } from "$lib/server/mcp/oauth/exchange";
+import { FLOW_COOKIE_NAME, verifyFlowCookie } from "$lib/server/mcp/oauth/state";
+import { config } from "$lib/server/config";
+import { dev } from "$app/environment";
+import type {
+	AuthorizationServerMetadata,
+	OAuthClientInformationFull,
+} from "@modelcontextprotocol/sdk/shared/auth.js";
+
+interface PopupResultMessage {
+	ok: boolean;
+	flowId: string;
+	tokens?: unknown;
+	resource?: string;
+	error?: string;
+}
+
+const sameSite = config.ALLOW_INSECURE_COOKIES === "true" || dev ? "lax" : ("none" as const);
+const secure = !(dev || config.ALLOW_INSECURE_COOKIES === "true");
+
+function htmlEscape(s: string): string {
+	return s.replace(/[&<>"']/g, (c) => {
+		switch (c) {
+			case "&":
+				return "&amp;";
+			case "<":
+				return "&lt;";
+			case ">":
+				return "&gt;";
+			case '"':
+				return "&quot;";
+			case "'":
+				return "&#39;";
+		}
+		return c;
+	});
+}
+
+/**
+ * Encode a value as JSON safe to embed inside an inline `<script>` tag. Escapes
+ * the four sequences that can break out of or be reinterpreted by the HTML
+ * parser before JavaScript sees the literal: `<`, `>`, `&`, and the U+2028 /
+ * U+2029 line separators (which JS treats as line terminators in string
+ * literals starting with ES2019, but historically broke parsers).
+ */
+function jsonForInlineScript(value: unknown): string {
+	return JSON.stringify(value)
+		.replace(/</g, "\\u003c")
+		.replace(/>/g, "\\u003e")
+		.replace(/&/g, "\\u0026")
+		.replace(/[\u2028\u2029]/g, (c) => `\\u${c.charCodeAt(0).toString(16).padStart(4, "0")}`);
+}
+
+function popupResponse(origin: string, message: PopupResultMessage): Response {
+	const json = jsonForInlineScript(message);
+	const body = `<!doctype html>
+<html lang="en">
+<head>
+<meta charset="utf-8" />
+<title>Authorization complete</title>
+<meta name="viewport" content="width=device-width,initial-scale=1" />
+<style>
+  body { font-family: system-ui, sans-serif; padding: 24px; color: #1f2937; background: #f9fafb; }
+  .card { max-width: 400px; margin: 60px auto; padding: 24px; border-radius: 12px; background: #fff; box-shadow: 0 1px 3px rgba(0,0,0,.08); text-align: center; }
+  h1 { font-size: 16px; margin: 0 0 8px; }
+  p { font-size: 14px; color: #4b5563; margin: 0; }
+</style>
+</head>
+<body>
+  <div class="card">
+    <h1>${message.ok ? "Authorization complete" : "Authorization failed"}</h1>
+    <p>You can close this window.</p>
+  </div>
+  <script>
+    (function () {
+      var msg = ${json};
+      try {
+        if (window.opener) {
+          window.opener.postMessage({ type: "mcp-oauth-result", payload: msg }, ${jsonForInlineScript(
+						origin
+					)});
+        }
+      } catch (e) {}
+      try { window.close(); } catch (e) {}
+    })();
+  </script>
+</body>
+</html>`;
+	return new Response(body, {
+		status: 200,
+		headers: {
+			"Content-Type": "text/html; charset=utf-8",
+			"Cache-Control": "no-store",
+			"X-Content-Type-Options": "nosniff",
+			"Referrer-Policy": "no-referrer",
+			// Hardening: tighten CSP so the inline bootstrap is the only script that runs.
+			"Content-Security-Policy":
+				"default-src 'none'; script-src 'unsafe-inline'; style-src 'unsafe-inline'; img-src 'none'; connect-src 'none'; frame-ancestors 'none';",
+		},
+	});
+}
+
+function safeReturnPath(input: string | undefined): string {
+	if (!input || typeof input !== "string") return "/";
+	if (input.startsWith("//")) return "/";
+	if (!input.startsWith("/")) return "/";
+	return input;
+}
+
+function redirectResponseWithHash(redirectNext: string, message: PopupResultMessage): Response {
+	const safePath = safeReturnPath(redirectNext);
+	const handoff = Buffer.from(JSON.stringify(message), "utf8").toString("base64url");
+	const fragment = `#__mcp_oauth_handoff=${handoff}`;
+	return new Response(null, {
+		status: 302,
+		headers: {
+			Location: safePath + fragment,
+			"Cache-Control": "no-store",
+		},
+	});
+}
+
+export const GET: RequestHandler = async ({ url, cookies }) => {
+	const code = url.searchParams.get("code");
+	const state = url.searchParams.get("state");
+	const errorParam = url.searchParams.get("error");
+	const errorDescription = url.searchParams.get("error_description");
+
+	// Find the most recent flow cookie. We do this with cookies.getAll() so we
+	// don't depend on a specific flowId being present in the URL — the AS
+	// callback only carries `code` and `state`.
+	const flowCookies = cookies.getAll().filter((c) => c.name.startsWith(`${FLOW_COOKIE_NAME}-`));
+	let cookieFlowId: string | undefined;
+	let flowState = null as ReturnType<typeof verifyFlowCookie>;
+	for (const c of flowCookies) {
+		const candidate = verifyFlowCookie(c.value);
+		if (candidate && candidate.expectedState === state) {
+			cookieFlowId = c.name.slice(`${FLOW_COOKIE_NAME}-`.length);
+			flowState = candidate;
+			break;
+		}
+	}
+	// Fallback for the error path (state mismatch / no state at all): take the
+	// first valid cookie so we know how to render (popup vs redirect).
+	if (!flowState) {
+		for (const c of flowCookies) {
+			const candidate = verifyFlowCookie(c.value);
+			if (candidate) {
+				cookieFlowId = c.name.slice(`${FLOW_COOKIE_NAME}-`.length);
+				flowState = candidate;
+				break;
+			}
+		}
+	}
+
+	const origin = config.PUBLIC_ORIGIN || url.origin;
+	const popupMode = flowState?.popupMode ?? true;
+	const redirectNext = flowState?.redirectNext;
+
+	const expireFlowCookie = () => {
+		if (!cookieFlowId) return;
+		cookies.set(`${FLOW_COOKIE_NAME}-${cookieFlowId}`, "", {
+			path: `${base}/api/mcp/oauth`,
+			httpOnly: true,
+			sameSite,
+			secure,
+			maxAge: 0,
+		});
+	};
+
+	const respond = (message: PopupResultMessage) => {
+		expireFlowCookie();
+		if (!popupMode && redirectNext) {
+			return redirectResponseWithHash(redirectNext, message);
+		}
+		return popupResponse(origin, { ...message });
+	};
+
+	if (errorParam) {
+		return respond({
+			ok: false,
+			flowId: flowState?.flowId ?? "",
+			error: htmlEscape(`${errorParam}${errorDescription ? `: ${errorDescription}` : ""}`),
+		});
+	}
+
+	if (!flowState) {
+		return respond({
+			ok: false,
+			flowId: "",
+			error: "Authorization flow expired or invalid",
+		});
+	}
+
+	if (!code || !state) {
+		return respond({
+			ok: false,
+			flowId: flowState.flowId,
+			error: "Missing code/state in callback",
+		});
+	}
+
+	if (state !== flowState.expectedState) {
+		return respond({
+			ok: false,
+			flowId: flowState.flowId,
+			error: "State mismatch (CSRF protection)",
+		});
+	}
+
+	try {
+		const tokens = await exchangeCodeForTokens({
+			asMetadata: flowState.asMetadata as unknown as AuthorizationServerMetadata,
+			clientInfo: flowState.clientInfo as unknown as OAuthClientInformationFull,
+			redirectUri: flowState.redirectUri,
+			resource: flowState.resource,
+			code,
+			codeVerifier: flowState.verifier,
+		});
+		return respond({
+			ok: true,
+			flowId: flowState.flowId,
+			tokens: tokensWithExpiresAt(tokens),
+			resource: flowState.resource,
+		});
+	} catch (e) {
+		const msg = e instanceof Error ? e.message : "Token exchange failed";
+		logger.warn({ err: msg, flowId: flowState.flowId }, "[mcp-oauth] code exchange failed");
+		return respond({ ok: false, flowId: flowState.flowId, error: msg });
+	}
+};
+
+// We don't request `response_mode=form_post` from `startAuthorization`, so
+// authorization servers always return code/state via the query string on a GET.
+// Intentionally not exporting POST — aliasing it to GET would silently fail to
+// read code/state from the form body for any AS that decides to POST anyway.
diff --git a/src/routes/api/mcp/oauth/discover/+server.ts b/src/routes/api/mcp/oauth/discover/+server.ts
new file mode 100644
index 00000000000..41a85c49323
--- /dev/null
+++ b/src/routes/api/mcp/oauth/discover/+server.ts
@@ -0,0 +1,44 @@
+import { z } from "zod";
+import { error, json } from "@sveltejs/kit";
+import { base } from "$app/paths";
+import type { RequestHandler } from "./$types";
+import { config } from "$lib/server/config";
+import { logger } from "$lib/server/logger";
+import { discoverServerOAuth } from "$lib/server/mcp/oauth/discover";
+
+const Body = z.object({
+	url: z.string().url(),
+});
+
+export const POST: RequestHandler = async ({ request, url }) => {
+	let parsed: z.infer<typeof Body>;
+	try {
+		parsed = Body.parse(await request.json());
+	} catch (e) {
+		return error(400, e instanceof Error ? e.message : "Invalid request body");
+	}
+
+	const origin = config.PUBLIC_ORIGIN || url.origin;
+	const redirectUri = `${origin}${base}/api/mcp/oauth/callback`;
+
+	try {
+		const result = await discoverServerOAuth(parsed.url, {
+			redirectUri,
+			appName: config.PUBLIC_APP_NAME || "chat-ui",
+		});
+
+		return json({
+			requiresAuth: result.requiresAuth,
+			resource: result.resource,
+			resourceMetadataUrl: result.resourceMetadataUrl,
+			asMetadata: result.asMetadata,
+			clientInfo: result.clientInfo,
+			supportsDcr: result.supportsDcr,
+			probeStatus: result.probeStatus,
+		});
+	} catch (e) {
+		const msg = e instanceof Error ? e.message : "Discovery failed";
+		logger.warn({ err: msg, url: parsed.url }, "[mcp-oauth] discovery failed");
+		return error(502, msg);
+	}
+};
diff --git a/src/routes/api/mcp/oauth/refresh/+server.ts b/src/routes/api/mcp/oauth/refresh/+server.ts
new file mode 100644
index 00000000000..66345efa4cf
--- /dev/null
+++ b/src/routes/api/mcp/oauth/refresh/+server.ts
@@ -0,0 +1,59 @@
+import { z } from "zod";
+import { error, json } from "@sveltejs/kit";
+import type { RequestHandler } from "./$types";
+import { logger } from "$lib/server/logger";
+import { refreshTokens, tokensWithExpiresAt } from "$lib/server/mcp/oauth/exchange";
+import type {
+	AuthorizationServerMetadata,
+	OAuthClientInformationFull,
+} from "@modelcontextprotocol/sdk/shared/auth.js";
+
+const Body = z.object({
+	asMetadata: z.record(z.string(), z.unknown()),
+	clientInfo: z.record(z.string(), z.unknown()),
+	resource: z.string().url(),
+	refresh_token: z.string().min(1),
+});
+
+export const POST: RequestHandler = async ({ request }) => {
+	let parsed: z.infer<typeof Body>;
+	try {
+		parsed = Body.parse(await request.json());
+	} catch (e) {
+		return error(400, e instanceof Error ? e.message : "Invalid request body");
+	}
+
+	const asMetadata = parsed.asMetadata as unknown as AuthorizationServerMetadata;
+	const clientInfo = parsed.clientInfo as unknown as OAuthClientInformationFull;
+
+	if (!asMetadata.token_endpoint || !asMetadata.issuer) {
+		return error(400, "Invalid authorization server metadata");
+	}
+	if (!clientInfo.client_id) {
+		return error(400, "Missing client_id in clientInfo");
+	}
+
+	try {
+		const tokens = await refreshTokens({
+			asMetadata,
+			clientInfo,
+			resource: parsed.resource,
+			refreshToken: parsed.refresh_token,
+		});
+		return json({ tokens: tokensWithExpiresAt(tokens) });
+	} catch (e) {
+		const msg = e instanceof Error ? e.message : "Refresh failed";
+		logger.warn({ err: msg }, "[mcp-oauth] refresh failed");
+		// 401 means the AS rejected the refresh_token (invalid_grant / revoked /
+		// rotated). 502 covers transport-layer or AS-side transient failures
+		// (network down, AS 5xx, timeout) — clients should preserve tokens and
+		// retry next window rather than wipe credentials on a network blip.
+		const lower = msg.toLowerCase();
+		const isInvalidGrant =
+			lower.includes("invalid_grant") ||
+			lower.includes("invalid_request") ||
+			lower.includes("unauthorized") ||
+			lower.includes("invalid_client");
+		return error(isInvalidGrant ? 401 : 502, msg);
+	}
+};
diff --git a/src/routes/api/mcp/oauth/revoke/+server.ts b/src/routes/api/mcp/oauth/revoke/+server.ts
new file mode 100644
index 00000000000..e28f3558abd
--- /dev/null
+++ b/src/routes/api/mcp/oauth/revoke/+server.ts
@@ -0,0 +1,35 @@
+import { z } from "zod";
+import { error, json } from "@sveltejs/kit";
+import type { RequestHandler } from "./$types";
+import { tryRevokeToken } from "$lib/server/mcp/oauth/exchange";
+import type {
+	AuthorizationServerMetadata,
+	OAuthClientInformationFull,
+} from "@modelcontextprotocol/sdk/shared/auth.js";
+
+const Body = z.object({
+	asMetadata: z.record(z.string(), z.unknown()),
+	clientInfo: z.record(z.string(), z.unknown()),
+	token: z.string().min(1),
+	token_type_hint: z.enum(["access_token", "refresh_token"]).optional(),
+});
+
+export const POST: RequestHandler = async ({ request }) => {
+	let parsed: z.infer<typeof Body>;
+	try {
+		parsed = Body.parse(await request.json());
+	} catch (e) {
+		return error(400, e instanceof Error ? e.message : "Invalid request body");
+	}
+
+	const asMetadata = parsed.asMetadata as unknown as AuthorizationServerMetadata;
+	const clientInfo = parsed.clientInfo as unknown as OAuthClientInformationFull;
+
+	const ok = await tryRevokeToken({
+		asMetadata,
+		clientInfo,
+		token: parsed.token,
+		tokenTypeHint: parsed.token_type_hint,
+	});
+	return json({ revoked: ok });
+};
diff --git a/src/routes/api/mcp/oauth/start/+server.ts b/src/routes/api/mcp/oauth/start/+server.ts
new file mode 100644
index 00000000000..ae97ebc6964
--- /dev/null
+++ b/src/routes/api/mcp/oauth/start/+server.ts
@@ -0,0 +1,94 @@
+import { z } from "zod";
+import { error, json } from "@sveltejs/kit";
+import { base } from "$app/paths";
+import { randomUUID } from "crypto";
+import type { RequestHandler } from "./$types";
+import { config } from "$lib/server/config";
+import { dev } from "$app/environment";
+import { buildAuthorizationUrl } from "$lib/server/mcp/oauth/exchange";
+import {
+	FLOW_COOKIE_NAME,
+	FLOW_TTL_MS,
+	newFlowId,
+	signFlowCookie,
+} from "$lib/server/mcp/oauth/state";
+import type {
+	AuthorizationServerMetadata,
+	OAuthClientInformationFull,
+} from "@modelcontextprotocol/sdk/shared/auth.js";
+
+const Body = z.object({
+	resource: z.string().url(),
+	asMetadata: z.record(z.string(), z.unknown()),
+	clientInfo: z.record(z.string(), z.unknown()),
+	popupMode: z.boolean().default(true),
+	redirectNext: z.string().optional(),
+	scope: z.string().optional(),
+});
+
+const sameSite = config.ALLOW_INSECURE_COOKIES === "true" || dev ? "lax" : ("none" as const);
+const secure = !(dev || config.ALLOW_INSECURE_COOKIES === "true");
+
+export const POST: RequestHandler = async ({ request, url, cookies }) => {
+	let parsed: z.infer<typeof Body>;
+	try {
+		parsed = Body.parse(await request.json());
+	} catch (e) {
+		return error(400, e instanceof Error ? e.message : "Invalid request body");
+	}
+
+	const asMetadata = parsed.asMetadata as unknown as AuthorizationServerMetadata;
+	const clientInfo = parsed.clientInfo as unknown as OAuthClientInformationFull;
+
+	if (!asMetadata.issuer || !asMetadata.authorization_endpoint || !asMetadata.token_endpoint) {
+		return error(400, "Invalid authorization server metadata");
+	}
+	if (!clientInfo.client_id) {
+		return error(400, "Missing client_id in clientInfo");
+	}
+
+	const origin = config.PUBLIC_ORIGIN || url.origin;
+	const redirectUri = `${origin}${base}/api/mcp/oauth/callback`;
+	const flowId = newFlowId();
+	const expectedState = randomUUID();
+
+	let authorizationUrl: URL;
+	let codeVerifier: string;
+	try {
+		const built = await buildAuthorizationUrl({
+			asMetadata,
+			clientInfo,
+			redirectUri,
+			resource: parsed.resource,
+			state: expectedState,
+			scope: parsed.scope,
+		});
+		authorizationUrl = built.authorizationUrl;
+		codeVerifier = built.codeVerifier;
+	} catch (e) {
+		return error(502, e instanceof Error ? e.message : "Failed to build authorization URL");
+	}
+
+	const cookieValue = signFlowCookie({
+		flowId,
+		verifier: codeVerifier,
+		expectedState,
+		asMetadata,
+		clientInfo,
+		resource: parsed.resource,
+		redirectUri,
+		popupMode: parsed.popupMode,
+		redirectNext: parsed.redirectNext,
+		expiresAt: Date.now() + FLOW_TTL_MS,
+	});
+
+	cookies.set(`${FLOW_COOKIE_NAME}-${flowId}`, cookieValue, {
+		path: `${base}/api/mcp/oauth`,
+		httpOnly: true,
+		sameSite,
+		secure,
+		maxAge: Math.floor(FLOW_TTL_MS / 1000),
+	});
+
+	return json({ authUrl: authorizationUrl.toString(), flowId });
+};
diff --git a/src/routes/conversation/[id]/+page.svelte b/src/routes/conversation/[id]/+page.svelte
index 6982ef0e93f..96a1d1fdb7e 100644
--- a/src/routes/conversation/[id]/+page.svelte
+++ b/src/routes/conversation/[id]/+page.svelte
@@ -17,7 +17,11 @@
 	import { fetchMessageUpdates, resolveStreamingMode } from "$lib/utils/messageUpdates";
 	import type { v4 } from "uuid";
 	import { useSettingsStore } from "$lib/stores/settings.js";
-	import { enabledServers } from "$lib/stores/mcpServers";
+	import {
+		enabledServers,
+		effectiveServerHeaders,
+		refreshAllExpiredTokens,
+	} from "$lib/stores/mcpServers";
 	import { browser } from "$app/environment";
 	import {
 		addBackgroundGeneration,
@@ -220,6 +224,16 @@
 			messageUpdatesAbortController = new AbortController();
 			const streamingMode = resolveStreamingMode($settings);
 
+			// Just-in-time OAuth token refresh: if any enabled server has a token
+			// that's already expired or expiring within the next 5 minutes, hit our
+			// /api/mcp/oauth/refresh endpoint and replace the token in localStorage
+			// before we serialize the request. Errors are best-effort — the chat
+			// will still send and any genuinely-broken server will surface a clear
+			// reconnect path via tool-error messages.
+			try {
+				await refreshAllExpiredTokens();
+			} catch {}
+
 			const messageUpdatesIterator = await fetchMessageUpdates(
 				convId,
 				{
@@ -232,7 +246,7 @@
 					selectedMcpServers: $enabledServers.map((s) => ({
 						name: s.name,
 						url: s.url,
-						headers: s.headers,
+						headers: effectiveServerHeaders(s),
 					})),
 					timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
 					streamingMode,