MCP Auth Reference
🔒 Reference MCP servers that demo how authentication works with the current Model Context Protocol spec.
What is MCP Auth Reference?
MCP Auth Reference is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to 🔒 reference mcp servers that demo how authentication works with the current model context protocol spec.
🔒 Reference MCP servers that demo how authentication works with the current Model Context Protocol spec.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- 🔒 Reference MCP servers that demo how authentication works w
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx mcp-auth-serversConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use MCP Auth Reference
The MCP Auth Reference Servers repository (from Azure Samples) is a collection of reference implementations that demonstrate how to integrate authentication into Model Context Protocol servers using the current MCP specification. It covers multiple identity providers including Microsoft Entra ID (confidential and public client flows) and GitHub OAuth, as well as deployment patterns such as remote servers protected by Azure API Management, local desktop app authentication via Windows Account Manager (WAM), and dual-mode servers that support both local and remote clients. Developers building production MCP servers with auth requirements should study these patterns before implementing their own authentication and authorization layers.
Prerequisites
- Node.js 18 or later (TypeScript implementations)
- An Azure subscription with Entra ID tenant configured, or a GitHub OAuth App, depending on which reference server you are exploring
- Azure API Management instance if you are testing the remote/APIM-gated pattern
- An MCP-compatible client such as Claude Desktop or VS Code with MCP support
- Familiarity with OAuth 2.0 / OIDC flows and the MCP specification
Clone the repository
Clone the Azure Samples repository to your local machine to access all reference server implementations.
git clone https://github.com/Azure-Samples/mcp-auth-servers.git
cd mcp-auth-serversInstall dependencies
Each reference server is a separate package. Navigate to the specific implementation you want to study and install its dependencies.
npm installConfigure your identity provider credentials
Depending on the server variant, set the required environment variables for your identity provider (Entra ID or GitHub OAuth). Check the README of each sub-package for the exact variable names.
# For Entra ID (confidential client):
export AZURE_TENANT_ID=your-tenant-id
export AZURE_CLIENT_ID=your-client-id
export AZURE_CLIENT_SECRET=your-client-secret
# For GitHub OAuth:
export GITHUB_CLIENT_ID=your-github-client-id
export GITHUB_CLIENT_SECRET=your-github-client-secretBuild and run a reference server
Build the TypeScript source and start the server. Choose the variant (local, remote, or dual) that matches your intended deployment pattern.
npm run build
npm startRegister the server in your MCP client config
Add the running server to your MCP client configuration. For local servers this is a stdio connection; for remote servers it is an SSE or HTTP endpoint.
{
"mcpServers": {
"mcp-auth-demo": {
"command": "node",
"args": ["./build/index.js"]
}
}
}Observe the authentication flow and extend for your use case
Connect your MCP client and trigger a tool call. Watch the authentication handshake in the server logs. Use the reference code as a starting point—adapting session token mapping, Protected Resource Metadata, and APIM gateway patterns for your production server.
MCP Auth Reference Examples
Client configuration
Example MCP client config for a locally-running auth reference server built from source.
{
"mcpServers": {
"mcp-auth-reference": {
"command": "node",
"args": ["/path/to/mcp-auth-servers/build/index.js"],
"env": {
"AZURE_TENANT_ID": "your-tenant-id",
"AZURE_CLIENT_ID": "your-client-id",
"AZURE_CLIENT_SECRET": "your-client-secret"
}
}
}
}Prompts to try
Once connected, you can test the authentication-gated tools exposed by the reference server.
- "List the tools available on the auth reference server"
- "Call the protected tool and show me the authentication flow"
- "What identity provider is this server using?"Troubleshooting MCP Auth Reference
Authentication fails with 'invalid_client' error from Entra ID
Double-check AZURE_CLIENT_ID and AZURE_CLIENT_SECRET. For confidential client flows the app registration in Azure portal must have a client secret generated—not a certificate—and the secret must not be expired.
WAM-based public client authentication does not work
WAM (Windows Account Manager) is a Windows-only authentication mechanism. This reference server variant requires a Windows host. On macOS or Linux, use the confidential client or GitHub OAuth variants instead.
The server connects but all tool calls are rejected as unauthorized
Verify that the OAuth token scopes match what the server expects, and that the Protected Resource Metadata (PRM) endpoint is reachable from the client. This is a demo project—review the source code for exact scope requirements per server variant.
Frequently Asked Questions about MCP Auth Reference
What is MCP Auth Reference?
MCP Auth Reference is a Model Context Protocol (MCP) server that 🔒 reference mcp servers that demo how authentication works with the current model context protocol spec. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install MCP Auth Reference?
Follow the installation instructions on the MCP Auth Reference GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with MCP Auth Reference?
MCP Auth Reference works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is MCP Auth Reference free to use?
Yes, MCP Auth Reference is open source and available under the MIT license. You can use it freely in both personal and commercial projects.
MCP Auth Reference Alternatives — Similar Security Servers
Looking for alternatives to MCP Auth Reference? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up MCP Auth Reference in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use MCP Auth Reference?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.