🤫 Authenticated Remote MCP Server
@localden
About 🤫 Authenticated Remote MCP Server
Remote MCP server with auth gated by Azure API Management
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"remote-auth-mcp-apim-py": {
"command": "npx",
"args": [
"@modelcontextprotocol/[email protected]"
]
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is 🤫 Authenticated Remote MCP Server?
It is an experimental sample that shows how to deploy an Entra ID‑protected MCP server on Azure. The server uses an OAuth 2.0 authorization pattern where the client acquires a token for the server, then uses the on‑behalf‑of flow to exchange it for a Microsoft Graph access token. This is done in a completely secretless manner.
How to use 🤫 Authenticated Remote MCP Server?
Install the Azure Developer CLI, clone the repository, register the Microsoft.App resource provider, log in with azd auth login, and deploy with azd up. After deployment, copy the endpoint and use the Model Context Protocol Inspector (or Visual Studio Code) with SSE transport and Bearer token authentication to connect. Test the get_graph_user_details tool to retrieve the authenticated user’s Microsoft Graph data.
Key features of 🤫 Authenticated Remote MCP Server
- OAuth 2.0 with PKCE to prevent authorization code interception
- Dynamic client registration without client secrets
- Encrypted session tokens and cookie‑based consent management
- CSRF protection with double‑submit cookie pattern
- Token caching with encrypted session keys for performance
- On‑behalf‑of flow to access Microsoft Graph
Use cases of 🤫 Authenticated Remote MCP Server
- Deploy a proof‑of‑concept Authenticated Remote MCP Server on Azure
- Test the full OAuth 2.0 + PKCE flow with the MCP Inspector
- Retrieve Microsoft Graph user data through an authenticated MCP tool
- Demonstrate Entra ID protection patterns for remote MCP servers
- Evaluate dynamic client registration and secretless authentication
FAQ from 🤫 Authenticated Remote MCP Server
What does this MCP server do exactly?
It acts as a protected MCP server that authenticates clients via Entra ID, dynamically registers client applications, and uses the on‑behalf‑of flow to securely call Microsoft Graph.
Is this server ready for production?
No. The README explicitly marks it as an experimental implementation and warns it should not be used in production scenarios.
What runtime dependencies are required?
The server runs on Azure Functions and Azure API Management, deployed with Bicep and Python. Testing requires Node.js (for the MCP Inspector) and the Azure Developer CLI.
Where does user data live?
User data is retrieved live from Microsoft Graph via the on‑behalf‑of flow. Tokens are cached in API Management with encrypted session keys; no persistent user data is stored locally.
How is transport and authentication handled?
Transport uses Server‑Sent Events (SSE) with a Bearer token. Authentication follows OAuth 2.0 with PKCE, dynamic client registration, and multiple secure cookies for state correlation and CSRF protection.
More Developer Tools MCP servers
test
prysmaticlabsGo implementation of Ethereum proof of stake
Unity MCP (Server + Plugin)
IvanMurzakAI Skills, MCP Tools, and CLI for Unity Engine. Full AI develop and test loop. Use cli for quick setup. Efficient token usage, advanced tools. Any C# method may be turned into a tool by a single line. Works with Claude Code, Gemini, Copilot, Cursor and any other absolutely for fr
Smithery CLI
smithery-aiInstall, manage and develop MCP servers and skills for agents
MCP Inspector
modelcontextprotocolVisual testing tool for MCP servers
Hello World MCP Server (Reference Extension)
anthropicsDesktop Extensions: One-click local MCP server installation in desktop apps
Comments