MCP.so
登录
服务器

MCP Server Reference Implementation

@QuantGeekDev

Reference mcp server implementation of draft mcp oauth spec https://modelcontextprotocol.io/specification/draft/basic/authorization#2-3-authorization-server-discovery

概览

What is MCP Server Reference Implementation?

MCP Server Reference Implementation is a reference implementation of the draft Authorization spec updates using the official TypeScript SDK. It is intended for developers testing or implementing OAuth 2.1 authorization flows for MCP servers.

How to use MCP Server Reference Implementation?

Clone the repo, run npm i, npm run build, then npm run start. The server starts on port 1335. Use ngrok to tunnel the server with a custom static domain for OAuth 2.1 compliance. Configure the chosen auth provider (Cognito or Keycloak) with the resource server domain.

Key features of MCP Server Reference Implementation

  • Implements draft Authorization spec for MCP.
  • Supports two authentication providers: Cognito and Keycloak.
  • Validates scope mcp:access and <resource-id>/mcp:access.
  • Includes a companion Postman collection for testing.
  • Provides environment variable overrides for local development.

Use cases of MCP Server Reference Implementation

  • Testing OAuth 2.1 authorization flows in MCP workflows.
  • Validating authorization server discovery as per the MCP specification.
  • Self-hosting a Keycloak‑based auth server for MCP clients.
  • Developing and debugging MCP client authorization integration.

FAQ from MCP Server Reference Implementation

What runtime or dependencies are required?

Node.js and npm are required. The implementation uses the official TypeScript SDK and depends on ngrok for OAuth 2.1 testing.

Where does authentication data live?

Authentication is handled by external providers (Cognito or Keycloak). The server itself does not store user data.

Does this server support OAuth 2.1?

Yes, the implementation follows the draft Authorization spec using OAuth 2.1. OAuth 2.1 does not allow the http protocol, so ngrok with a static domain is recommended.

What transport does the server use?

The server runs on HTTP (or HTTPS via ngrok). No specific transport protocol is mentioned beyond the standard HTTP server.

Are there any known limitations?

The server is a reference implementation for testing and development. It is not intended for production use. OAuth 2.1 requires HTTPS, which necessitates ngrok or a valid TLS certificate.

标签

来自「其他」的更多内容