MCP Auth Reference

v1.0.0Securitystable

🔒 Reference MCP servers that demo how authentication works with the current Model Context Protocol spec.

mcp-auth-serversmcpai-integration
Share:
50
Stars
0
Downloads
0
Weekly
0/5

What is MCP Auth Reference?

MCP Auth Reference is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to 🔒 reference mcp servers that demo how authentication works with the current model context protocol spec.

🔒 Reference MCP servers that demo how authentication works with the current Model Context Protocol spec.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • 🔒 Reference MCP servers that demo how authentication works w

Use Cases

Reference implementations demonstrating authentication with the Model Context Protocol.
Azure-Samples

Maintainer

LicenseMIT
Languagetypescript
Versionv1.0.0
UpdatedApr 21, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx mcp-auth-servers

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use MCP Auth Reference

The MCP Auth Reference Servers repository (from Azure Samples) is a collection of reference implementations that demonstrate how to integrate authentication into Model Context Protocol servers using the current MCP specification. It covers multiple identity providers including Microsoft Entra ID (confidential and public client flows) and GitHub OAuth, as well as deployment patterns such as remote servers protected by Azure API Management, local desktop app authentication via Windows Account Manager (WAM), and dual-mode servers that support both local and remote clients. Developers building production MCP servers with auth requirements should study these patterns before implementing their own authentication and authorization layers.

Prerequisites

  • Node.js 18 or later (TypeScript implementations)
  • An Azure subscription with Entra ID tenant configured, or a GitHub OAuth App, depending on which reference server you are exploring
  • Azure API Management instance if you are testing the remote/APIM-gated pattern
  • An MCP-compatible client such as Claude Desktop or VS Code with MCP support
  • Familiarity with OAuth 2.0 / OIDC flows and the MCP specification
1

Clone the repository

Clone the Azure Samples repository to your local machine to access all reference server implementations.

git clone https://github.com/Azure-Samples/mcp-auth-servers.git
cd mcp-auth-servers
2

Install dependencies

Each reference server is a separate package. Navigate to the specific implementation you want to study and install its dependencies.

npm install
3

Configure your identity provider credentials

Depending on the server variant, set the required environment variables for your identity provider (Entra ID or GitHub OAuth). Check the README of each sub-package for the exact variable names.

# For Entra ID (confidential client):
export AZURE_TENANT_ID=your-tenant-id
export AZURE_CLIENT_ID=your-client-id
export AZURE_CLIENT_SECRET=your-client-secret

# For GitHub OAuth:
export GITHUB_CLIENT_ID=your-github-client-id
export GITHUB_CLIENT_SECRET=your-github-client-secret
4

Build and run a reference server

Build the TypeScript source and start the server. Choose the variant (local, remote, or dual) that matches your intended deployment pattern.

npm run build
npm start
5

Register the server in your MCP client config

Add the running server to your MCP client configuration. For local servers this is a stdio connection; for remote servers it is an SSE or HTTP endpoint.

{
  "mcpServers": {
    "mcp-auth-demo": {
      "command": "node",
      "args": ["./build/index.js"]
    }
  }
}
6

Observe the authentication flow and extend for your use case

Connect your MCP client and trigger a tool call. Watch the authentication handshake in the server logs. Use the reference code as a starting point—adapting session token mapping, Protected Resource Metadata, and APIM gateway patterns for your production server.

MCP Auth Reference Examples

Client configuration

Example MCP client config for a locally-running auth reference server built from source.

{
  "mcpServers": {
    "mcp-auth-reference": {
      "command": "node",
      "args": ["/path/to/mcp-auth-servers/build/index.js"],
      "env": {
        "AZURE_TENANT_ID": "your-tenant-id",
        "AZURE_CLIENT_ID": "your-client-id",
        "AZURE_CLIENT_SECRET": "your-client-secret"
      }
    }
  }
}

Prompts to try

Once connected, you can test the authentication-gated tools exposed by the reference server.

- "List the tools available on the auth reference server"
- "Call the protected tool and show me the authentication flow"
- "What identity provider is this server using?"

Troubleshooting MCP Auth Reference

Authentication fails with 'invalid_client' error from Entra ID

Double-check AZURE_CLIENT_ID and AZURE_CLIENT_SECRET. For confidential client flows the app registration in Azure portal must have a client secret generated—not a certificate—and the secret must not be expired.

WAM-based public client authentication does not work

WAM (Windows Account Manager) is a Windows-only authentication mechanism. This reference server variant requires a Windows host. On macOS or Linux, use the confidential client or GitHub OAuth variants instead.

The server connects but all tool calls are rejected as unauthorized

Verify that the OAuth token scopes match what the server expects, and that the Protected Resource Metadata (PRM) endpoint is reachable from the client. This is a demo project—review the source code for exact scope requirements per server variant.

Frequently Asked Questions about MCP Auth Reference

What is MCP Auth Reference?

MCP Auth Reference is a Model Context Protocol (MCP) server that 🔒 reference mcp servers that demo how authentication works with the current model context protocol spec. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install MCP Auth Reference?

Follow the installation instructions on the MCP Auth Reference GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with MCP Auth Reference?

MCP Auth Reference works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is MCP Auth Reference free to use?

Yes, MCP Auth Reference is open source and available under the MIT license. You can use it freely in both personal and commercial projects.

MCP Auth Reference Alternatives — Similar Security Servers

Looking for alternatives to MCP Auth Reference? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "mcp-auth-servers": { "command": "npx", "args": ["-y", "mcp-auth-servers"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use MCP Auth Reference?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides