mcp-oauth2.1-server

mcp-oauth2.1-server

3.3
security

If you are the rightful owner of mcp-oauth2.1-server and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

This is a reference MCP Server implementation using the official typescript SDK.

MCP Server Reference Implementation

This is a reference MCP Server implementation of the draft Authorization spec updates using the official typescript sdk.

This repo can be used with this Postman collection

Authentication Providers

There are two separate auth provider options:

  1. Cognito
  2. Keycloak (self-hosted)

We validate the scope: mcp:access, with <resource-id>/mcp:access. For example, https://mcp-server.com/mcp:access

Important Note

Keep in mind that OAuth 2.1 doesn't allow http protocol, so you will want to use ngrok with a static url (available for free from ngrok) to properly test this out.

If you want to use localhost without ngrok because you don't care, you can override the PORT and PROTOCOL env variables for the authorization and resource servers by setting them in .envs (check config folder if you're confused)

Setup with ngrok

  1. Build and start the server:

    npm i
npm run build
npm run start

  2. The MCP server will start on port 1335.

  3. In another terminal, create the ngrok tunnel to the MCP server:

    ngrok http --domain=<get-a-custom-domain-from-ngrok(free)-and-place-here> 1335

  4. Configure this resource server in the Domains tab of your AWS Cognito dashboard

Related MCP Servers

View all security servers →
better-auth-mcp-server

better-auth-mcp-server

4.2

by nahmanmate

MCP Server for Authentication Management

security
ida-pro-mcp

ida-pro-mcp

3.7

by mrexodia

Simple MCP Server to allow vibe reversing in IDA Pro.

developer_tools
volatility3-mcp

volatility3-mcp

3.7

by Kirandawadi

Volatility3 MCP Server is a tool that integrates MCP clients with the Volatility3 memory forensics framework, enabling LLMs to perform memory forensics tasks through a conversational interface.

security
osv-mcp

osv-mcp

3.7

by StacklokLabs

An MCP server providing access to the OSV database for querying vulnerability information.

databases
ida-mcp-server-plugin

ida-mcp-server-plugin

3.6

by taida957789

IDA Pro MCP Server is a plugin that allows remote querying and control of IDA Pro through the Model Context Protocol (MCP) interface.

developer_tools
BloodHound-MCP

BloodHound-MCP

3.6

by stevenyu113228

BloodHound MCP is an extension of the BloodHound tool that enables LLMs to interact with and analyze Active Directory environments using natural language queries.

security
dynatrace-mcp

dynatrace-mcp

3.5

by dynatrace-oss

This remote MCP server allows interaction with the Dynatrace observability platform, bringing real-time observability data directly into your development workflow.

monitoring
mcp-virustotal

mcp-virustotal

3.5

by BurtTheCoder

The VirusTotal MCP Server is a Model Context Protocol server designed for querying the VirusTotal API, providing comprehensive security analysis tools with automatic relationship data fetching.

security
VibeShift

VibeShift

3.5

by GroundNG

VibeShift is an intelligent security agent designed to integrate seamlessly with AI coding assistants, acting as an automated security engineer to analyze code, identify vulnerabilities, and facilitate AI-driven remediation.

security
mcp-server-wazuh

mcp-server-wazuh

3.5

by gbrigandi

A Rust-based server designed to bridge the gap between a Wazuh Security Information and Event Management (SIEM) system and applications requiring contextual security data, specifically tailored for the Claude Desktop Integration using the Model Context Protocol (MCP).

security
mythic_mcp

mythic_mcp

3.5

by xpn

Mythic MCP is a model context protocol server designed to facilitate automated penetration testing using LLMs.

security
TriageMCP

TriageMCP

3.5

by eversinc33

TriageMCP is an MCP server designed to enable a Language Model (LLM) to perform basic static triage of Portable Executable (PE) files.

security
aws-security-mcp

aws-security-mcp

3.5

by groovyBugify

AWS Security MCP is a Model Context Protocol server that allows AI assistants to autonomously inspect and analyze AWS infrastructure for security issues.

security
sonarqube-mcp-server

sonarqube-mcp-server

3.5

by sapientpants

A Model Context Protocol (MCP) server that integrates with SonarQube to provide AI assistants with access to code quality metrics, issues, and analysis results.

developer_tools
MCP_Security

MCP_Security

3.5

by fr0gger

A Model Context Protocol (MCP) server for querying the ORKL API, providing tools for fetching and analyzing threat reports, threat actors, and sources.

security
GhidraMCP

GhidraMCP

3.5

by 13bm

A Ghidra plugin that implements the Model Context Protocol (MCP) for AI-assisted binary analysis.

developer_tools
Snyk

Snyk

3.5

by snyk

MCP (Model Context Protocol) is an open protocol that standardizes how applications share context with large language models.

security
nutrient-dws-mcp-server

nutrient-dws-mcp-server

3.5

by PSPDFKit

A Model Context Protocol (MCP) server implementation that integrates with the Nutrient Document Web Service (DWS) Processor API, providing powerful PDF processing capabilities for AI assistants.

developer_tools
pentest-mcp

pentest-mcp

3.5

by DMontgomery40

Pentest MCP is a Model Context Protocol server that integrates essential pentesting tools into a unified natural language interface, allowing security professionals to execute, chain, and analyze multiple tools through conversational commands.

security
binja-lattice-mcp

binja-lattice-mcp

3.5

by Invoke-RE

BinjaLattice is a secure communication protocol for Binary Ninja that enables interaction with external Model Context Protocol (MCP) servers and tools.

developer_tools
Wazuh-MCP-Server

Wazuh-MCP-Server

3.5

by gensecaihq

Wazuh MCP Server is an AI-powered security operations platform that integrates conversational AI with traditional SIEM operations.

security
mcp_zoomeye

mcp_zoomeye

3.5

by zoomeye-ai

A Model Context Protocol (MCP) server that provides network asset information based on query conditions.

research_and_data
vercel-mcp-server

vercel-mcp-server

3.5

by Quegenx

A powerful Model Context Protocol (MCP) server for managing Vercel deployments with comprehensive features.

cloud_platforms
shodan-mcp-server

shodan-mcp-server

3.5

by Cyreslab-AI

A Model Context Protocol (MCP) server that provides access to Shodan API functionality and CVE database, allowing AI assistants to query information about internet-connected devices, services, and vulnerabilities.

research_and_data
C4Diagrammer

C4Diagrammer

3.5

by jonverrier

C4Diagrammer is a Model Context Protocol (MCP) server implementation designed to generate documentation for existing systems, providing tools for generating code summaries and C4 architecture diagrams using Mermaid.js.

developer_tools
volatility-mcp

volatility-mcp

3.5

by Gaffx

Volatility MCP integrates Volatility 3 with FastAPI and MCP for seamless memory forensics.

security
Rootly-MCP-server

Rootly-MCP-server

3.5

by Rootly-AI-Labs

An MCP server for Rootly API that integrates with MCP-compatible editors to resolve production incidents efficiently.

developer_tools