{"library":"mcp-auth","title":"MCP Auth Node.js SDK","description":"The `mcp-auth` library provides plug-and-play authentication and authorization solutions specifically for Model Context Protocol (MCP) servers in Node.js environments. It implements the OAuth 2.1 and OpenID Connect standards as required by the MCP specification, aiming to simplify the integration of MCP servers with compliant identity providers. Currently at version 0.2.0, the project is under active development with frequent releases (e.g., from v0.1.0 to v0.2.0 in a short period), indicating continuous feature additions and refinements. Key differentiators include its strict adherence to MCP authorization requirements, a focus on reducing boilerplate for OAuth/OIDC implementation, and direct support for `express` applications, providing a streamlined developer experience for securing MCP resources. It is provider-agnostic and offers tools for checking provider compliance.","language":"javascript","status":"active","last_verified":"Wed Apr 22","install":{"commands":["npm install mcp-auth"],"cli":null},"imports":["import { MCPAuth } from 'mcp-auth';","import { fetchServerConfig } from 'mcp-auth';","app.use(mcpAuth.bearerAuth('jwt', { requiredScopes: ['read', 'write'] }));"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"import express from 'express';\nimport { MCPAuth, fetchServerConfig } from 'mcp-auth';\nimport { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js'; // Assuming @modelcontextprotocol/sdk is installed\n\nconst initializeMcpAuth = async () => {\n  const server = new McpServer({ name: 'my-mcp-server', version: '1.0.0' });\n  \n  // Replace with your actual auth server URL, e.g., 'https://your-oidc-provider.com/realms/master'\n  // For local testing, ensure your OIDC provider is running and accessible.\n  const authServerUrl = process.env.AUTH_SERVER_URL ?? 'https://example.com/auth';\n  \n  const mcpAuth = new MCPAuth({\n    server: await fetchServerConfig(authServerUrl, { type: 'oidc' }),\n  });\n\n  const app = express();\n  app.use(express.json()); // Required for parsing JSON request bodies\n\n  // Apply bearer token authentication middleware\n  app.use(mcpAuth.bearerAuth('jwt', { requiredScopes: ['read', 'write'] }));\n\n  // Define an MCP tool that utilizes authInfo\n  server.tool('whoami', ({ authInfo }) => {\n    // authInfo contains decoded token claims, e.g., authInfo.sub, authInfo.email\n    console.log('Auth Info:', authInfo);\n    return { content: [{ type: 'text', text: `You are ${authInfo?.sub || 'an unknown user'}` }] };\n  });\n\n  // Example route to serve the MCP server, assuming @modelcontextprotocol/sdk/express is used\n  // You would typically integrate 'server' with an actual MCP Express handler.\n  app.post('/mcp', (req, res) => {\n    // This is a placeholder. In a real app, you'd integrate `server` via an MCP Express handler.\n    // e.g., from '@modelcontextprotocol/sdk/express' or 'express-mcp-handler'\n    res.status(200).json({ message: 'MCP endpoint hit, authInfo available in tools' });\n  });\n\n  const PORT = process.env.PORT || 3000;\n  app.listen(PORT, () => {\n    console.log(`MCP Auth server running on http://localhost:${PORT}`);\n  });\n};\n\ninitializeMcpAuth().catch(console.error);","lang":"typescript","description":"This quickstart demonstrates how to initialize `mcp-auth` with an OIDC provider, apply bearer token authentication to an Express application, and access authenticated user information within an MCP server tool definition. It highlights the `MCPAuth` class, `fetchServerConfig` utility, and middleware integration.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}