MCP.so
登录

MCP Server Reference Implementation

@QuantGeekDev

关于 MCP Server Reference Implementation

Reference mcp server implementation of draft mcp oauth spec https://modelcontextprotocol.io/specification/draft/basic/authorization#2-3-authorization-server-discovery

基本信息

分类

其他

运行时

node

传输方式

stdio

发布者

QuantGeekDev

配置

暂无标准配置

该服务器的 README 中没有可解析的 MCP 配置块,请前往代码仓库查看安装说明。

代码仓库

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is MCP Server Reference Implementation?

MCP Server Reference Implementation is a reference implementation of the draft Authorization spec updates using the official TypeScript SDK. It is intended for developers testing or implementing OAuth 2.1 authorization flows for MCP servers.

How to use MCP Server Reference Implementation?

Clone the repo, run npm i, npm run build, then npm run start. The server starts on port 1335. Use ngrok to tunnel the server with a custom static domain for OAuth 2.1 compliance. Configure the chosen auth provider (Cognito or Keycloak) with the resource server domain.

Key features of MCP Server Reference Implementation

  • Implements draft Authorization spec for MCP.
  • Supports two authentication providers: Cognito and Keycloak.
  • Validates scope mcp:access and <resource-id>/mcp:access.
  • Includes a companion Postman collection for testing.
  • Provides environment variable overrides for local development.

Use cases of MCP Server Reference Implementation

  • Testing OAuth 2.1 authorization flows in MCP workflows.
  • Validating authorization server discovery as per the MCP specification.
  • Self-hosting a Keycloak‑based auth server for MCP clients.
  • Developing and debugging MCP client authorization integration.

FAQ from MCP Server Reference Implementation

What runtime or dependencies are required?

Node.js and npm are required. The implementation uses the official TypeScript SDK and depends on ngrok for OAuth 2.1 testing.

Where does authentication data live?

Authentication is handled by external providers (Cognito or Keycloak). The server itself does not store user data.

Does this server support OAuth 2.1?

Yes, the implementation follows the draft Authorization spec using OAuth 2.1. OAuth 2.1 does not allow the http protocol, so ngrok with a static domain is recommended.

What transport does the server use?

The server runs on HTTP (or HTTPS via ngrok). No specific transport protocol is mentioned beyond the standard HTTP server.

Are there any known limitations?

The server is a reference implementation for testing and development. It is not intended for production use. OAuth 2.1 requires HTTPS, which necessitates ngrok or a valid TLS certificate.

评论

其他 分类下的更多 MCP 服务器