
entra-id-mcp-server-session-demo

MCP.Pizza Chef: dend

entra-id-mcp-server-session-demo is a minimal MCP server demonstrating Entra ID authentication using session mapping and HTTP+SSE transport. It securely manages confidential client sessions without passing access tokens directly, simulating JWT token usage for session assignment. This demo is intended for learning and experimentation, not production, emphasizing secure token handling and caching best practices.

Use this MCP server to

Demonstrate Entra ID authentication integration with MCP servers
Test secure session mapping without exposing access tokens
Experiment with HTTP+SSE transport in MCP server context
Learn confidential client handling inside MCP servers
Prototype secure authentication flows for MCP server implementations

README

🔒 Minimal Entra ID-authenticated MCP Server

Minimal server showing how to implement Entra ID authentication with MCP and HTTP+SSE transport. Unlike the previous server implementation, this one relies on a confidential client living inside the MCP server and uses "session mapping" so that the client gets its session assignment through what looks like a JWT token (since we can't use cookies).
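
The session mapping described above, sketched as an added example (not code from this repository): the Entra ID access token stays in a server-side map, and the client only receives a signed, JWT-shaped handle carrying a session id. The function names, the in-memory Map and the HS256 signing are assumptions made for illustration.

```javascript
// Added example, not the repository's code. Names and HS256 signing are assumptions.
const crypto = require("node:crypto");

const SESSION_KEY = crypto.randomBytes(32); // HMAC key; never leaves the server
const sessions = new Map();                 // sid -> { entraAccessToken, exp }

const b64u = (v) => Buffer.from(v).toString("base64url");
const sign = (data) => crypto.createHmac("sha256", SESSION_KEY).update(data).digest();

// Run after the server-side confidential client has obtained tokens from Entra ID.
// The Entra token stays in the server's map; the MCP client only gets a handle.
function issueSessionToken(entraAccessToken, ttlSeconds = 3600, now = Date.now()) {
  const sid = crypto.randomUUID();
  const exp = Math.floor(now / 1000) + ttlSeconds;
  sessions.set(sid, { entraAccessToken, exp });
  const head = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64u(JSON.stringify({ sid, exp }));
  return `${head}.${body}.${b64u(sign(`${head}.${body}`))}`;
}

// Run on each request that presents the handle as a bearer token.
// Returns the server-side session, or null if forged, malformed, expired or revoked.
function resolveSession(token, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  // Always verify with our own key and algorithm; the header's "alg" is never trusted.
  const expected = sign(`${head}.${body}`);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (typeof claims.exp !== "number" || claims.exp * 1000 <= now) {
    sessions.delete(claims.sid); // drop the cached Entra token with the expired session
    return null;
  }
  return sessions.get(claims.sid) ?? null;
}

// Sign-out or incident response: the handle stops resolving immediately.
function revokeSession(sid) {
  return sessions.delete(sid);
}
```

Because the handle carries only `sid` and `exp`, a leaked handle exposes no Entra ID credential and can be invalidated server-side by deleting its map entry.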

Important

This repository has been archived. Refer to the reference collection for latest samples and best practices.

Warning

This is not intended for production use. If you are to adopt any of the practices in this implementation, ensure that you are implementing proper caching and secure token/credential handling practices.

Run server

npm install
npm run build
npm run start

Testing

You will need to use MCP Inspector or a tool that supports HTTP+SSE transport for MCP servers and authentication.

entra-id-mcp-server-session-demo FAQ

How does this server handle authentication without passing access tokens?
It uses session mapping with a confidential client inside the MCP server, simulating JWT tokens for session assignment.
Is this MCP server suitable for production use?
No, it is a demo intended for learning; production use requires proper caching and secure token handling.
What transport protocol does this server use?
It uses HTTP with Server-Sent Events (HTTP+SSE) for communication.
Can I use this server with MCP Inspector?
Yes, MCP Inspector or any tool supporting HTTP+SSE can be used for testing.
Where can I find updated samples and best practices?
Refer to the MCP authentication servers reference collection at https://github.com/localden/mcp-auth-servers.
Does this server use cookies for session management?
No, it avoids cookies and relies on session mapping with token-like session assignments.
What programming environment is required to run this server?
Node.js environment with npm to install dependencies, build, and start the server.
What precautions should I take if adapting this demo?
Implement proper caching and secure token/credential handling to ensure security.