MCPServer-with-Auth

nskw-d/MCPServer-with-Auth

3.2

If you are the rightful owner of MCPServer-with-Auth and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to dayong@mcphub.com.

This project demonstrates an Auth0-protected Model Context Protocol (MCP) server and client, showcasing authenticated access to tools.

Tools
1
Resources
0
Prompts
0

MCPServer-with-Auth

Auth0-protected MCP server and client demonstrating authenticated tool access.

Highlights

  • The server in mcp_server.py runs FastMCP with Auth0-specific token verification and exposes a get_time tool.
  • mcp_client.py walks through the OAuth authorization code flow with a local callback, a token exchange, and Selenium browser automation for incognito/private mode.
  • .env_example gathers the secrets and configuration so the repository can remain public.

Prerequisites

  • Python 3.13 or newer.
  • Install the project dependencies in editable mode so you can import the modules locally:
uv sync

Environment setup

  1. Copy .env_example to .env (Windows: copy .env_example .env, macOS/Linux: cp .env_example .env).
  2. Fill in Auth0 values and MCP host settings. The required variables are:
    • AUTH0_DOMAIN
    • AUTH0_CLIENT_ID
    • AUTH0_CLIENT_SECRET
    • AUTH0_AUDIENCE
    • JWT_ALGORITHM (usually RS256)
    • MCP_HOST
    • MCP_PORT
    • REQUIRED_PERMISSION (defaults to access:mcp)
    • OAUTH_CALLBACK_URI
    • OAUTH_CALLBACK_PORT
    • GOOGLE_API_KEY
  3. Make sure a Selenium WebDriver (ChromeDriver, geckodriver, or EdgeDriver) is installed and reachable from your PATH if you want the client to launch a browser automatically.

Running the server

uv run mcp_server.py

If uv is unavailable, run python mcp_server.py instead. The server logs the Auth0 configuration, binds to the configured host/port, and enforces JWT validation before returning the get_time result.

Running the client

uv run mcp_client.py

Or python mcp_client.py. The client opens the authorization URL in an incognito/private window, waits for the callback on the configured port, exchanges the code for tokens, lists tools/resources, and invokes get_time as an example. The browser automation falls back to the default system browser if no webdriver is found.

Troubleshooting

  • If Selenium cannot launch a browser, verify that a compatible driver exists on PATH and matches the installed browser version.
  • Enable extra logging by setting LOG_LEVEL=DEBUG in your code before starting the server or client.
  • Ensure the Auth0 application uses the same callback URI and audience that the scripts expect.

License

This project is available under the MIT License (see LICENSE).