First of all, thanks for launching an MCP server that supports OAuth 2.1 + DCR !
We’re integrating with Calendly’s hosted MCP server from our web application (Babelbeez). In our current implementation, we perform dynamic client registration once per provider/environment and then cache that OAuth client registration for reuse, rather than creating a new OAuth client registration for each end user. Each of our users still completes their own OAuth consent flow and receives their own separate access/refresh tokens.
We wanted to confirm whether, from Calendly’s side, this shared app identity has any implications at the application level — for example around app-wide rate limits, auditing/analytics, revocation/invalidating the client registration, or any compliance/trust considerations when many end users authorize the same registered application.
Is this usage pattern acceptable/recommended on your side, and are there any provider-level limits or caveats we should be aware of?
Thanks!
