But MCP uses Oauth. That is not a "worse version" of API keys. It is better.

The classic "API key" flow requires you to go to the resource site, generate a key, copy it, then paste it where you want it to go.

Oauth automates this. It's like "give me an API key" on demand.

An MCP server lets you avoid giving the agent your API key so it can't leak it. At least in theory.

You could do the same with a CLI tool but it's more of a hassle to set up.