mcp-auth s

This MCP server is a reference implementation that demonstrates how authentication works within the Model Context Protocol (MCP). It showcases several authentication scenarios and how identity providers can gate access to MCP-enabled resources. The server exposes endpoints and tooling that illustrate token validation, session mapping, and token/token-introspection flows used by clients requesting access to protected MCP resources. You can use it to learn how different identity providers interact with MCP in practice and to experiment with authorization rules described in the MCP spec. Typical use involves launching the server, then exercising its authentication flows using the included examples or your own client code to obtain and present tokens for authorization decisions.

Prerequisites:

• Python 3.8+ installed on your system
• Git to clone the repository (or download the source)

Installation steps:

1. Clone the repository or download the source code git clone https://github.com/azure-samples/azure-samples-mcp-auth-servers.git cd azure-samples-mcp-auth-servers

2. Set up a Python virtual environment (optional but recommended) python -m venv venv source venv/bin/activate # on Windows use: venv\Scripts\activate

3. Install dependencies pip install -r requirements.txt

4. Run the MCP auth server python -m mcp_auth_server

5. Verify the server is running by checking the advertised port (default 8000) and using curl or an HTTP client to hit the authentication endpoints.

Note: If the module name or entry point differs in your environment, adjust the -m argument accordingly to point to the actual Python module that starts the MCP authentication server.

Tips and considerations:

• The server is intended for demonstration purposes and may include placeholder or simplified logic. Do not use it as-is in production without security review.
• You may need to configure environment variables for identity providers or issuer metadata. Common placeholders include variables like MC_AUTH_ISSUER, MC_AUTH_AUDIENCE, or PROVIDER_CONFIG, depending on your deployment.
• If you encounter port conflicts, run the server on a different port by adjusting the code or passing a PORT environment variable if supported by the entry point.
• Review MCP spec references in the repository to understand how tokens are validated and how claims determine access to resources.
• Ensure your client applications are prepared to handle token lifetimes, renewal, and revocation scenarios demonstrated by this server.