π SSE MCP Server with JWT Authentication
@anisirji
Secure middleware server implementing Model Context Protocol (MCP) over SSE with JWT authentication. Enables standardized communication between AI tools and clients with dynamic tool registration, request logging, and session management. Perfect for building production-ready AI s
Overview
What is π SSE MCP Server with JWT Authentication?
This server is a Model Context Protocol (MCP) SSE server that provides JWTβbased authentication for exposing multiple AI tools over an SSE transport. It is designed for developers needing secure remote access to MCP tools with flexible token management.
How to use π SSE MCP Server with JWT Authentication?
Clone the repository, install dependencies with npm install, create a .env file with a JWT_SECRET, and run npm run dev to start the server on http://localhost:3001/sse. Generate a JWT token via GET /auth/token?username=<username>&scope=mcp:access. Then connect to the SSE endpoint using the token in the Authorization header.
Key features of π SSE MCP Server with JWT Authentication
- Secure SSE connection with Bearer JWT token
- Dynamic tool registration (echo, time, random number)
- Tested with @modelcontextprotocol/inspector
- Session management for /message endpoint
- Ready to extend for production use
Use cases of π SSE MCP Server with JWT Authentication
- Expose multiple AI tools over SSE with JWT authentication
- Test MCP tools using @modelcontextprotocol/inspector
- Prototype and extend a secure MCP server for production
FAQ from π SSE MCP Server with JWT Authentication
What transport does this server use?
It uses SSE (ServerβSent Events) with JWT Bearer token authentication.
How do I generate an authentication token?
Send a GET request to /auth/token?username=<username>&scope=mcp:access.
What tools are included by default?
Default tools are test, echo, get-time, and random-number.
What are the runtime requirements?
Node.js, Express, @modelcontextprotocol/sdk, JWT, and Zod.
Is this server ready for production?
It is designed to be extended for production use; upcoming changes include token revocation, roleβbased access, and rate limiting.