Implements a reference authorization server based on the draft MCP OAuth 2.1 specification.
This reference implementation of an MCP (Model Context Protocol) server showcases the draft Authorization spec updates using the official TypeScript SDK. It supports authentication via Cognito and Keycloak, validating scopes with `mcp:access` and `<resource-id>/mcp:access`. This server implementation is designed to be used with the provided Postman collection for easy testing and integration. Note that OAuth 2.1 requires HTTPS, so using ngrok with a static URL is recommended for proper testing. Configuration via environment variables allows for customization of port and protocol.
Características Principales
010 GitHub stars
02Includes Postman collection for easy testing
03Supports Cognito and Keycloak authentication providers
04Uses official TypeScript SDK
05Scope validation for mcp:access
06Reference implementation of draft MCP OAuth 2.1 specification
Casos de Uso
01Testing and validating MCP authorization flows
02Understanding the MCP OAuth 2.1 specification
03Implementing a compliant MCP authorization server
