ahmad-act/MCP-Server-with-Authentication-and-Testing-with-Inspector
If you are the rightful owner of MCP-Server-with-Authentication-and-Testing-with-Inspector and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.
This project implements a Model Context Protocol (MCP) server with authentication mechanisms and testing capabilities using the MCP Inspector.
๐ MCP Server with Authentication and Testing with Inspector
This project implements a Model Context Protocol (MCP) server with two authentication mechanisms: API Key Authentication and JWT (JSON Web Token) Authentication. It provides a robust framework for handling authenticated requests with comprehensive error handling and logging, suitable for production environments. The server supports tools like echo, login, secure_action, and admin_action, with authentication enforced where required.
๐ Table of Contents
๐ฏ Purpose
The purpose of this project is to demonstrate secure MCP server implementations with two distinct authentication methods:
- ๐ API Key Authentication: Validates requests using predefined API keys.
- ๐ก๏ธ JWT Authentication: Uses JSON Web Tokens for user authentication and permission-based access control.
This project is designed for developers who need a secure, scalable, and extensible MCP server with robust debugging and logging capabilities.
โจ Features
-
๐ API Key Authentication:
- Validates requests using a set of predefined API keys.
- Supports key extraction from arguments, metadata, or environment variables.
- Simple
echotool for demonstration.
-
๐ก๏ธ JWT Authentication:
- Supports user authentication via username/password to generate JWT tokens.
- Enforces permission-based access control (
read,write,admin). - Includes tools:
login,echo,secure_action, andadmin_action. - Configurable token expiry (default: 24 hours).
- Token extraction from arguments, metadata, or environment variables.
-
โ ๏ธ Robust Error Handling:
- Custom
McpErrorfor consistent error responses. - Detailed logging of errors and server events.
- Custom
-
๐ Logging:
- Configurable logging to both console and rotating log files.
- Log rotation based on file size (5MB, with 5 backups).
- Automatic cleanup of old log files based on age.
-
๐ MCP Inspector Integration:
- Compatible with MCP Inspector for testing and debugging.
- Supports debugging via
--debugflag.
๐๏ธ Project Structure
/
โโโ src/
โ โโโ config/
โ โ โโโ __init__.py
โ โ โโโ app_settings.py # Configuration for environment variables and settings
โ โ โโโ logging_config.py # Logging setup with file rotation
โ โโโ mcp-server-with-stdio-api-key-auth.py # API Key Authentication server
โ โโโ mcp-server-with-stdio-auth2-auth.py # To Do
โ โโโ mcp-server-with-stdio-jwt-key-auth.py # JWT Authentication server
โโโ pyproject.toml # Project documentation
โโโ README.md # Python dependencies
โ Prerequisites
- Python: Version 3.13 or higher
- uv: Used for managing Python virtual environments
- Node.js: Required for running MCP Inspector
- NPM: Required to run MCP Inspector
- Operating System: Windows, macOS, or Linux
โ๏ธ Installation
-
๐ฅ Clone the Repository:
git clone https://github.com/ahmad-act/MCP-Server-with-Authentication-and-Testing-with-Inspector.git cd MCP-Server-with-Authentication-and-Testing-with-Inspector -
๐ช Set Up a Virtual Environment (recommended):
uv venv source venv/bin/activate # On Windows: venv\Scripts\activate -
๐ฆ Install Dependencies:
uv sync
๐งฉ Packages
The following Python packages are required:
mcp[cli]>=1.10.1
PyJWT>=2.8.0
python-dotenv>=1.0.0
๐ Install them using:
uv add mcp[cli] PyJWT python-dotenv
๐ฆ Usage
1๏ธโฃ MCP Server with Stdio and API Key (mcp-server-with-stdio-api-key-auth.py)
โถ๏ธ Run the MCP Server:
โ ๏ธ You do not need to manually run the MCP server for stdio transport. MCP Inspector runs the MCP Server for stdio transport.
โถ๏ธ Run the MCP Inspector:
The stdio server is typically launched by the MCP Inspector, not manually. Run the Inspector with the following command, add -e environment variable and adjusting the --directory path to your src/ directory:
npx @modelcontextprotocol/inspector uv -e MCP_API_KEY=sk-1234567890abcdef --directory '<your-src-directory>/src' run mcp-server-with-stdio-api-key-auth.py --debug
๐ Open the MCP Inspector:
Open the link http://localhost:6274/?MCP_PROXY_AUTH_TOKEN=XXXXXXXXXXXXXXXXXX with its token in your browser:
๐งช Using the MCP Inspector
-
After running the above command, the Inspector will start and automatically connect to the
stdio-based server. -
In the Inspector UI (
http://127.0.0.1:6274), inspect the available tools (e.g.,echo). -
Test the
echotool:- Input:
{ "method": "call_tool", "params": { "name": "echo", "arguments": { "message": "test", "_api_key": "sk-1234567890abcdef" } } }Expected Response:
{ "result": [ { "type": "text", "text": "Echo: test" } ] }
2๏ธโฃ MCP Server with Stdio and API Key (mcp-server-with-stdio-jwt-key-auth.py)
โถ๏ธ Run the MCP Server:
โ ๏ธ You do not need to manually run the MCP server for stdio transport. MCP Inspector will launch the server automatically.
โถ๏ธ Run the MCP Inspector:
The stdio server is typically launched by the MCP Inspector, not manually. Run the Inspector with the following command, adjusting the --directory path to your src/ directory:
npx @modelcontextprotocol/inspector uv --directory '<your-src-directory>\src' run mcp-server-with-stdio-jwt-key-auth.py --debug
๐ Open the MCP Inspector:
Open the link http://localhost:6274/?MCP_PROXY_AUTH_TOKEN=XXXXXXXXXXXXXXXXXX with its token in your browser:
๐งช Using the MCP Inspector
-
After running the above command, the Inspector will start and automatically connect to the
stdio-based server. -
Usage Flow:
-
Step 1: Login to Get JWT Token:
{ "method": "call_tool", "params": { "name": "login", "arguments": { "username": "user1", "password": "password123" } } }Response:
{ "result": [ { "type": "text", "text": "Login successful! JWT Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." } ] } -
Step 2: Use JWT Token for Authenticated Requests:
{ "method": "call_tool", "params": { "name": "echo", "arguments": { "message": "test", "_jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." } } }Response:
{ "result": [ { "type": "text", "text": "Echo (authenticated as user1): test" } ] }
-
3๏ธโฃ MCP Server with Stdio and Auth2 (mcp-server-with-stdio-auth2-auth.py)
๐ง To Do
๐ Workflow
-
๐ API Key Authentication:
- The server checks for a valid API key in the request arguments, metadata, or environment variables.
- If valid, the request is processed; otherwise, an error is returned.
- The
echotool demonstrates basic functionality.
-
๐ก๏ธ JWT Authentication:
- Users first call the
logintool with valid credentials to obtain a JWT token. - The token is used in subsequent requests for tools like
echo,secure_action, oradmin_action. - Permissions (
read,write,admin) are checked for each tool. - Tokens expire after 24 hours (configurable).
- Users first call the
-
๐ Logging:
- Logs are written to both the console and a rotating log file in the
logsdirectory. - Old log files are cleaned up based on a specified retention period.
- Logs are written to both the console and a rotating log file in the
-
๐ Testing with MCP Inspector:
- Use MCP Inspector to interact with the server via a web interface.
- Debug mode (
--debug) provides detailed output for troubleshooting.
๐ฉต Troubleshooting
-
๐ซ Invalid API Key:
- Ensure the API key is one of:
sk-1234567890abcdef,sk-abcdef1234567890,sk-test123456789. - Check environment variable
MCP_API_KEYor request arguments.
- Ensure the API key is one of:
-
โ ๏ธ Invalid JWT Token:
- Verify the token is not expired (valid for 24 hours).
- Ensure the correct
JWT_SECRETis set. - Check username/password for
logintool.
-
๐ Permission Errors:
- Ensure the user has the required permissions (
read,write, oradmin) for the requested tool.
- Ensure the user has the required permissions (
-
๐ Log Files:
- Check the
logsdirectory for detailed error messages. - Logs are named in the format
YYYYMM.log.
- Check the