AI-assisted developer services are increasingly embedded in modern IDEs, yet enterprises must ensure these tools operate within existing identity, access control, and governance requirements. The Model Context Protocol (MCP) enables AI assistants to retrieve structured internal context, but its specification provides only a minimal authorization model and lacks guidance on integrating enterprise SSO. This article presents a practical architecture that incorporates OAuth 2.0 and OpenID Connect (OIDC) into MCP-enabled developer environments. It describes how IDE extensions obtain and present tokens, how MCP servers validate them through an identity provider, and how scopes and claims can enforce least-privilege access. A prototype implementation using Visual Studio Code, a Python-based MCP server, and an OIDC-compliant IdP demonstrates feasibility. A case study evaluates authentication latency, token-validation overhead, operational considerations, and AI-specific risks. The approach provides a deployable pattern for organizations adopting AI-assisted developer tools while maintaining identity assurance and auditability.

翻译：AI辅助开发服务正日益嵌入现代集成开发环境（IDE），但企业必须确保这些工具在现有身份认证、访问控制与治理要求下运行。模型上下文协议（MCP）使AI助手能够获取结构化内部上下文，但其规范仅提供最小化授权模型，且缺乏企业单点登录（SSO）集成指导。本文提出一种实用架构，将OAuth 2.0与OpenID Connect（OIDC）集成至支持MCP的开发环境中。阐述IDE扩展如何获取并呈现令牌、MCP服务器如何通过身份提供程序验证令牌，以及如何利用作用域与声明实施最小权限访问。通过基于Visual Studio Code、Python开发的MCP服务器及符合OIDC标准的身份提供程序的原型实现验证了可行性。案例研究评估了认证延迟、令牌验证开销、运维考量及AI特定风险。该方案为采用AI辅助开发工具的组织提供了可部署模式，同时保障身份确权与可审计性。