MCP.so
登录

🤫 Authenticated Remote MCP Server

@localden

关于 🤫 Authenticated Remote MCP Server

Remote MCP server with auth gated by Azure API Management

基本信息

分类

开发工具

许可证

MIT

运行时

bicep

传输方式

stdio

发布者

localden

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "remote-auth-mcp-apim-py": {
      "command": "npx",
      "args": [
        "@modelcontextprotocol/[email protected]"
      ]
    }
  }
}

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is 🤫 Authenticated Remote MCP Server?

It is an experimental sample that shows how to deploy an Entra ID‑protected MCP server on Azure. The server uses an OAuth 2.0 authorization pattern where the client acquires a token for the server, then uses the on‑behalf‑of flow to exchange it for a Microsoft Graph access token. This is done in a completely secretless manner.

How to use 🤫 Authenticated Remote MCP Server?

Install the Azure Developer CLI, clone the repository, register the Microsoft.App resource provider, log in with azd auth login, and deploy with azd up. After deployment, copy the endpoint and use the Model Context Protocol Inspector (or Visual Studio Code) with SSE transport and Bearer token authentication to connect. Test the get_graph_user_details tool to retrieve the authenticated user’s Microsoft Graph data.

Key features of 🤫 Authenticated Remote MCP Server

  • OAuth 2.0 with PKCE to prevent authorization code interception
  • Dynamic client registration without client secrets
  • Encrypted session tokens and cookie‑based consent management
  • CSRF protection with double‑submit cookie pattern
  • Token caching with encrypted session keys for performance
  • On‑behalf‑of flow to access Microsoft Graph

Use cases of 🤫 Authenticated Remote MCP Server

  • Deploy a proof‑of‑concept Authenticated Remote MCP Server on Azure
  • Test the full OAuth 2.0 + PKCE flow with the MCP Inspector
  • Retrieve Microsoft Graph user data through an authenticated MCP tool
  • Demonstrate Entra ID protection patterns for remote MCP servers
  • Evaluate dynamic client registration and secretless authentication

FAQ from 🤫 Authenticated Remote MCP Server

What does this MCP server do exactly?

It acts as a protected MCP server that authenticates clients via Entra ID, dynamically registers client applications, and uses the on‑behalf‑of flow to securely call Microsoft Graph.

Is this server ready for production?

No. The README explicitly marks it as an experimental implementation and warns it should not be used in production scenarios.

What runtime dependencies are required?

The server runs on Azure Functions and Azure API Management, deployed with Bicep and Python. Testing requires Node.js (for the MCP Inspector) and the Azure Developer CLI.

Where does user data live?

User data is retrieved live from Microsoft Graph via the on‑behalf‑of flow. Tokens are cached in API Management with encrypted session keys; no persistent user data is stored locally.

How is transport and authentication handled?

Transport uses Server‑Sent Events (SSE) with a Bearer token. Authentication follows OAuth 2.0 with PKCE, dynamic client registration, and multiple secure cookies for state correlation and CSRF protection.

评论

开发工具 分类下的更多 MCP 服务器