Use one hosted account for the web app, MCP clients, and remote infrastructure-backed Monarchic runs.
OAuth/OIDC first
Provider-backed sessions own account access.
MCP fallback
Bearer tokens and API keys connect hosted MCP clients.
The production OAuth/OIDC provider URL is configured by deployment.
Temporary developer path until the hosted OAuth callback and API-key lifecycle endpoints are wired.