What’s New in MCP 2025‑03‑26? Deep Dive into OAuth 2.1, Streamable HTTP, and JSON‑RPC Enhancements

The MCP 2025‑03‑26 release introduces mandatory OAuth 2.1 with PKCE, a single‑endpoint Streamable HTTP transport, required JSON‑RPC batch processing, richer tool metadata, structured progress notifications, audio multimodal support, and robust session management, all backed by extensive security hardening and performance gains.

Alibaba Cloud Developer

Key Updates in MCP 2025‑03‑26

The new specification adds major security, transport, and developer‑experience improvements while keeping backward compatibility with the previous 2024‑11‑05 version.

Security Enhancements

OAuth 2.1 is now mandatory. PKCE and HTTPS are enforced, implicit flows are removed, and token rotation is required. Tokens must be stored in OS‑level secure storage (Android Keystore, iOS Keychain) and audit logs record all issuance and revocation events. destructiveHint annotations trigger front‑end confirmation dialogs and optional MFA.

Transport Protocol

The dual‑endpoint HTTP + SSE model is replaced by Streamable HTTP, a single‑endpoint protocol that supports bidirectional communication, connection recovery via Last-Event-ID, and dynamic protocol negotiation through the Accept header.

JSON‑RPC Batch Processing

All MCP implementations must now support JSON‑RPC 2.0 batch requests. Servers must return HTTP 200 with an array of responses for successful batches and HTTP 202 for batches containing only notifications. Atomic execution is required for batches marked with the atomic flag.

[
  {"jsonrpc":"2.0","id":1,"method":"text_analyze","params":{"text":"Hello"}},
  {"jsonrpc":"2.0","id":2,"method":"image_tag","params":{"url":"img.jpg"}},
  {"jsonrpc":"2.0","method":"log_event"} // notification
]

Tool Metadata (ToolAnnotations)

New ToolAnnotations describe tool behavior (e.g., destructiveHint, idempotentHint, readOnlyHint, openWorldHint). Front‑end frameworks can render risk warnings, enforce idempotent retries, and generate automatic RBAC policies.

tools:
  - name: database_backup
    annotations:
      title: "Database Backup"
      readOnlyHint: false
      destructiveHint: false
      idempotentHint: true
      openWorldHint: false

Progress Notifications

A structured message field now carries phase, detail, and next‑step information, enabling richer UI feedback and precise debugging.

{
  "type":"ProgressNotification",
  "progress":65,
  "message":{
    "phase":"Data Cleaning",
    "detail":"Processed 12000/20000 records",
    "next_step":"Feature extraction"
  }
}

Multimodal Support

The protocol accepts audio/* payloads (e.g., audio/webm) via chunked transfer, allowing real‑time voice‑assistant scenarios.

POST /voice-process HTTP/1.1
Content-Type: audio/webm
Transfer-Encoding: chunked

<binary audio stream>

Session Management

A new Mcp-Session-Id header identifies long‑running tasks. Clients cache the last received event ID and reconnect with Last-Event-ID to resume streams.

Mcp-Session-Id: sess_XYZ123
Last-Event-ID: 159

Developer Migration Guide

Legacy OAuth 2.0 implicit flow code:

const token = getTokenFromURLFragment();
callMCPService(token);

should be replaced with PKCE flow:

// Client generates a high-entropy code_verifier and its S256 code_challenge
const { verifier, challenge } = generatePKCE();
// Only the challenge is sent in the authorization request; the verifier never leaves the client
startAuthFlow(challenge);
// On redirect, the authorization code is exchanged together with the verifier
function handleCallback(code) {
  fetchToken(code, verifier).then(token => {
    secureStorage.save('mcp_token', token); // OS-level secure storage (Keystore/Keychain)
    callMCPService(token);
  });
}

Similarly, HTTP + SSE usage is replaced by a single Streamable HTTP request.

Performance Benchmarks

Connection establishment time dropped from 320 ms to 180 ms (≈44 % reduction). Data transmission redundancy fell from 18 % to 5 %. Reconnection success increased from 68 % to 93 %.

Performance comparison chart

Overall Impact

Clients must adopt PKCE, integrate secure credential storage, and update UI to respect ToolAnnotations. Servers need to implement Streamable HTTP, batch processing, and enhanced audit logging. The changes raise security posture, reduce latency, and improve developer productivity.

Written by

Alibaba Cloud Developer

Alibaba's official tech channel, featuring all of its technology innovations.
