
remote-auth-mcp-apim-py

MCP.Pizza Chef: localden

remote-auth-mcp-apim-py is a secure remote MCP server deployed on Azure, featuring authentication gated by Azure API Management and Entra ID. It implements a secretless authorization pattern using the on-behalf-of flow to exchange tokens for Microsoft Graph access. Built with Azure Functions, Bicep, and Python, it ensures robust, scalable, and secure MCP server deployment with seamless token management and API protection.

Use This MCP server To

  - Deploy a secure MCP server with Azure Functions and API Management
  - Implement secretless authentication for MCP server access
  - Use on-behalf-of flow for token exchange with Microsoft Graph
  - Protect MCP server endpoints with Entra ID authentication
  - Integrate MCP server with Azure Developer CLI for deployment automation
  - Manage MCP server authorization via Azure API Management policies

README

🤫 Authenticated Remote MCP Server

This sample shows how to deploy an Entra ID-protected MCP server on Azure.

The sample also uses an authorization pattern where the client acquires a token for the MCP server first, and then uses on-behalf-of flow to exchange it for a token that can be used with Microsoft Graph. It does all this in an entirely secretless manner too.
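The pattern described above, as an added Python example rather than the repository's own code: the server first checks that the token it received was issued for itself, then exchanges it for a Microsoft Graph token using a managed-identity client assertion in place of a stored client secret. The federated identity credential setup, the `User.Read` scope and the `azure.identity` import are assumptions, not details taken from the repository.

```python
"""Secretless on-behalf-of (OBO) exchange from the MCP server to Microsoft Graph.
Added example, not code from remote-auth-mcp-apim-py. Assumed: the server's Entra
app trusts the Function's managed identity via a federated identity credential,
so a managed-identity token for api://AzureADTokenExchange replaces a client secret.
"""
import json
import urllib.parse
import urllib.request

TOKEN_EXCHANGE_SCOPE = "api://AzureADTokenExchange/.default"
JWT_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"
JWT_BEARER_ASSERTION = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
GRAPH_SCOPE = "https://graph.microsoft.com/User.Read"  # assumed scope for Graph /me


def inbound_token_acceptable(claims: dict, server_app_id: str) -> bool:
    """Gate the exchange on the token the MCP client presented.

    `claims` must come from a signature-verified JWT (e.g. PyJWT + tenant JWKS).
    Only a delegated token minted for *this* server app may be exchanged; a token
    for another API, or an app-only token with no `scp`, is rejected first.
    """
    aud_ok = claims.get("aud") in (server_app_id, f"api://{server_app_id}")
    return aud_ok and bool(claims.get("scp"))


def managed_identity_assertion() -> str:
    """Client assertion from the Function's managed identity (network call)."""
    from azure.identity import ManagedIdentityCredential  # assumed installed on the Function
    return ManagedIdentityCredential().get_token(TOKEN_EXCHANGE_SCOPE).token


def build_obo_request(server_app_id: str, inbound_token: str, client_assertion: str,
                      scope: str = GRAPH_SCOPE) -> dict:
    """Form body for the OBO grant; client_assertion stands in for client_secret."""
    return {
        "grant_type": JWT_BEARER_GRANT,
        "client_id": server_app_id,
        "assertion": inbound_token,            # the user's token for the MCP server
        "requested_token_use": "on_behalf_of",
        "scope": scope,
        "client_assertion_type": JWT_BEARER_ASSERTION,
        "client_assertion": client_assertion,  # managed-identity token, no stored secret
    }


def exchange_for_graph_token(tenant_id: str, body: dict) -> str:
    """POST the OBO request to the tenant's v2.0 token endpoint (network call)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    req = urllib.request.Request(url, data=urllib.parse.urlencode(body).encode(), method="POST")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]
```

Only `build_obo_request` and `inbound_token_acceptable` run offline; the two network functions need the Function's managed identity and a tenant.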

What it uses

Note

You will need to use the Model Context Protocol Inspector to test the MCP server, as it's the only MCP client that currently supports authorization out of the box.

Getting started

Follow these steps to get started.

  1. Install the Azure Developer CLI.

  2. Clone the repository locally:

    git clone https://github.com/localden/remote-auth-mcp-apim-py
  3. Navigate to the repository in your terminal:

    cd remote-auth-mcp-apim-py
  4. Log in to Azure Developer CLI:

    azd auth login
  5. Deploy the project to Azure:

    azd up

Important

Deploying this project will incur Azure cost. If you are deploying for testing and experimentation, make sure to delete the created resource group after testing.

Deploying and testing the project

When you run azd up, resources declared in the infra directory will be provisioned in your Azure account. You can go through the existing Bicep files to see what infrastructure will be automatically deployed.

GIF showing the deployment of Azure resources with Azure Developer CLI

Once the deployment completes, you will see the endpoint printed in the terminal:

Endpoint in the terminal

For example, in the screenshot above the endpoint is https://apim-2lzunaz2nu642.azure-api.net/mcp/sse. Copy it.

Note

Prior to the next step, make sure that you have Node.js installed - it's required to run the Model Context Protocol Inspector.

In your terminal, run:

npx @modelcontextprotocol/inspector@0.9.0

Note

We're using the 0.9.0 release of the Model Context Protocol Inspector because it's the most stable version when it comes to testing protected MCP servers.

This prints a local URL where the Model Context Protocol Inspector is running. Open that URL in your browser.

Switch the Transport Type to SSE and set the URL to the endpoint that you got from running the deployment. Click Connect.

Authenticating in the MCP Inspector

You will be prompted to authenticate with the credentials in the tenant in which you deployed the infrastructure. The Entra ID applications are dynamically registered at deployment time - one for the server, and another that will be used for on-behalf-of flow to acquire Microsoft Graph access.

Once you consent, you will be returned to the Model Context Protocol Inspector landing page. Wait a few seconds until the connection is established - you will see a green Connected label on the page.

Connected MCP server in MCP Inspector

Once connected, click on List Tools and select get_graph_user_details. This will enable you to get data about the currently authenticated user from Microsoft Graph. Click Run Tool.

List tools in MCP Inspector and trigger the one that returns user details from Graph

If all goes well, you will see your user data in the response block, like this:

{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
  "businessPhones": [],
  "displayName": "YOUR_NAME",
  "givenName": null,
  "jobTitle": null,
  "mail": "YOUR_EMAIL",
  "mobilePhone": null,
  "officeLocation": null,
  "preferredLanguage": null,
  "surname": null,
  "userPrincipalName": "YOUR_UPN",
  "id": "c6b77314-c0ec-44b2-b0bb-2c971a753f0c",
  "success": true
}

Feedback and reporting issues

Make sure to open an issue if you encounter any roadblocks or have comments.

remote-auth-mcp-apim-py FAQ

How does the authentication work in remote-auth-mcp-apim-py?
It uses Azure Entra ID with an on-behalf-of flow to securely exchange tokens without storing secrets.
What Azure services are required to deploy this MCP server?
Azure Functions hosts the server, Azure API Management gates access to it, and Bicep templates declare the infrastructure that Azure Developer CLI deploys.
Is this MCP server implementation language-specific?
Yes, it is implemented in Python but can be adapted to other languages.
How does the secretless authorization pattern improve security?
It avoids storing client secrets by using token exchange flows, reducing attack surface.
Can this MCP server access Microsoft Graph APIs?
Yes, it uses tokens obtained via on-behalf-of flow to call Microsoft Graph securely.
How can I automate deployment of this MCP server?
Use the Azure Developer CLI along with provided Bicep templates for infrastructure as code.
What is the role of Azure API Management in this MCP server?
It gates access to the MCP server endpoints, enforcing authentication and authorization policies.