mcp-auth-servers

MCP.Pizza Chef: localden

This collection of reference MCP servers demonstrates how authentication is implemented according to the current Model Context Protocol specification. It provides practical examples for various runtime scenarios, helping developers understand and integrate secure authentication and authorization in MCP environments. The code is intended for demonstration and learning purposes, emphasizing the need for security audits in production use.

Use This MCP Server To

  • Demonstrate authentication flows for MCP servers
  • Provide reference implementations for MCP authorization
  • Test authentication scenarios in MCP development
  • Serve as a learning resource for secure MCP server design
  • Validate integration of authentication in MCP clients
  • Prototype custom authentication mechanisms for MCP
  • Audit and improve security in MCP server setups

README

Important

This project has moved to a repository under one of the official Microsoft-supported GitHub organizations. Please use that repository as the point of reference.

🔒 MCP Server Authentication Reference Collection

Reference servers that demo how authentication works with the current Model Context Protocol spec.

Warning

Code presented here is for demo purposes only. Your specific scenarios (including rules inside your enterprise, specific security controls, or other protection mechanisms) may differ from the ones that are outlined in this repository. Always conduct a security audit and threat modeling for any production and customer-facing assets that require authentication and authorization.

Scenarios

The servers in this collection are designed for various runtime scenarios. They are tagged as follows:

  • Remote MCP servers: Remote MCP Server
  • Local MCP servers: Local MCP Server
  • Dual-purpose MCP servers (can run locally or remotely): Dual-purpose MCP Server

Supported identity providers

| Provider | Scenario | Server Type | Implementation | State |
|----------|----------|-------------|----------------|-------|
| Entra ID | Confidential client, mapped to session token. | Dual-purpose MCP Server | entra-id-cca-session | Prototype |
| Entra ID | Public client, using WAM | Local MCP Server | entra-id-local-wam | Prototype |
| GitHub | GitHub application w/OAuth, mapped to session token. | Dual-purpose MCP Server | github-app-session | Prototype |

mcp-auth-servers FAQ

Are these authentication servers production-ready?
No, they are demo servers meant for reference and learning; production use requires security audits.
Can I customize the authentication methods shown?
Yes, the code is open for modification to fit specific enterprise security needs.
Where can I find the official repository for these servers?
The official repository is under a Microsoft-supported GitHub organization linked in the documentation.
Do these servers support multiple authentication protocols?
The demos illustrate common authentication flows but can be extended to support various protocols.
Is it safe to use these servers as-is in customer-facing applications?
No, always conduct thorough security reviews before deploying any authentication code in production.
How do these servers integrate with MCP clients?
They provide authentication endpoints that MCP clients can call to establish secure sessions.
Are there examples of remote MCP server authentication?
Yes, some servers are tagged to demonstrate remote MCP server authentication scenarios.
What should I do if my security requirements differ?
Adapt and extend the reference code to meet your specific security policies and threat models.