flowsoft-org/mcp-authentication-samples
This is a sample implementation of a Model Context Protocol (MCP) server that serves programming jokes with token-based authentication using FastAPI.
MCP Authentication Samples
This repository contains sample code for building Model Context Protocol (MCP) servers with authentication using FastAPI and FastMCP.
Running the Server
- Open this folder in VS Code
- (If using devcontainer) Click "Reopen in Container" if prompted
- Install dependencies:
  pip install -r requirements.txt
- Start the server:
  python server.py
The server will start on http://localhost:8000
Authentication with Microsoft Entra ID (Azure AD)
This sample demonstrates how to protect your MCP server using OAuth2 Bearer tokens from Microsoft Entra ID (Azure AD).
Required Entra ID Application Setup
- Register an Application in Microsoft Entra ID (Azure AD) via the Azure Portal.
- Expose an API:
  - Go to "Expose an API" in your app registration.
  - Set the Application ID URI (e.g., api://<APPUUID>).
  - Add a scope (e.g., mcp.tools).
- Configure Authentication:
  - Add a redirect URI if needed for your client.
- Get the following values for your app:
  - Tenant ID
  - Application (client) ID
  - Application ID URI
  - Scope name
Update Your Code and Resource Metadata
- Update BearerAuthProvider in server.py:
  - Replace <ENTRATENANTID> with your Entra tenant ID.
  - Replace <APPUUID> with your Application (client) ID or Application ID URI.
  - Set the correct jwks_uri, issuer, audience, and required_scopes.
  Example:
  auth = BearerAuthProvider(
      jwks_uri="https://login.microsoftonline.com/<ENTRATENANTID>/discovery/v2.0/keys",
      issuer="https://sts.windows.net/<ENTRATENANTID>/",
      algorithm="RS256",
      audience="api://<APPUUID>",
      required_scopes=["mcp.tools"]
  )
- Update oauth-protected-resource.json:
  - Ensure this file matches your application's metadata, including resource ID, scopes, and issuer.
Example: oauth-protected-resource.json
{
"resource": "api://<APPUUID>",
"issuer": "https://sts.windows.net/<ENTRATENANTID>/",
"scopes": ["mcp.tools"]
}
Replace placeholders with your actual values.
GitHub Copilot Agent Mode
This MCP server can also be used in GitHub Copilot Agent mode in VS Code. To enable this:
- Ensure the server is running.
- Use the mcp.json file to configure the MCP server for GitHub Copilot.
- Start the server from the mcp.json configuration.
Testing
You can test the protected endpoint using curl:
curl -H "Authorization: Bearer <token>" http://localhost:8000/mcp
If no token or an invalid token is provided, you will receive a 401 Unauthorized response.
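To find out why a token is rejected with 401, compare its claims with the values configured in BearerAuthProvider. The helper below is an added example, not code from this repository or from FastMCP: it decodes a token's header and payload and lists which of alg, iss, aud or scp differ from the example configuration above. The names EXPECTED, sample_token and diagnose are hypothetical, and the sample token is constructed.

```python
import base64
import json

# Added example with hypothetical names; not part of the repository or FastMCP.
# Expected values copied from the BearerAuthProvider example (placeholders kept).
EXPECTED = {
    "issuer": "https://sts.windows.net/<ENTRATENANTID>/",
    "audience": "api://<APPUUID>",
    "required_scopes": ["mcp.tools"],
}


def sample_token(claims: dict) -> str:
    """Constructed sample: real header/payload layout, placeholder signature."""
    parts = [{"alg": "RS256", "typ": "JWT"}, claims]
    enc = [base64.urlsafe_b64encode(json.dumps(p).encode()) for p in parts]
    return ".".join([e.rstrip(b"=").decode() for e in enc] + ["sig"])


def diagnose(token: str, expected: dict = EXPECTED) -> list:
    """List claim mismatches that would lead to a 401. Diagnostic only: the
    signature is NOT verified, so an empty list does not prove validity."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWS (expected three dot-separated parts)"]
    try:
        header, claims = (
            json.loads(base64.urlsafe_b64decode(p + "=" * (-len(p) % 4)))
            for p in parts[:2]
        )
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["header or payload is not base64url-encoded JSON"]
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return ["header or payload is not a JSON object"]
    problems = []
    if header.get("alg") != "RS256":
        problems.append(f"alg: got {header.get('alg')!r}")
    if claims.get("iss") != expected["issuer"]:
        problems.append(f"iss: got {claims.get('iss')!r}")
    aud = claims.get("aud")
    if expected["audience"] not in (aud if isinstance(aud, list) else [aud]):
        problems.append(f"aud: got {aud!r}")
    # Entra ID carries delegated scopes in "scp" as one space-separated string.
    granted = str(claims.get("scp", "")).split()
    missing = [s for s in expected["required_scopes"] if s not in granted]
    if missing:
        problems.append(f"scp: missing {missing}")
    return problems
```

Call diagnose() with the token your client actually sends; an empty list means the claims line up with the configuration, and the server still has to verify the signature against the jwks_uri keys.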
License
See .