fastmcp-api-obo-demo
Verified Safe by ajafry
Overview
A FastAPI backend demonstrating the Azure AD On-Behalf-Of (OBO) token exchange flow to securely call an internal FastMCP server with user context.
Installation
python mcp_server.py
Environment Variables
- AUTH_TENANT_ID
- API_CLIENT_ID
- API_SCOPES
- API_SECRET
- MCP_SCOPES
- MCP_SERVER_URL
- MCP_CLIENT_ID
- MCP_SECRET
Security Notes
The application correctly uses environment variables for sensitive configuration (client IDs, secrets, tenant ID). Authentication via Azure AD (fastapi-azure-auth) and fine-grained authorization (AuthorizationMiddleware) are well implemented. However, the FastAPI backend uses `CORSMiddleware` with `allow_origins=["*"]`, which is a significant security risk in production environments, as it allows cross-origin requests from any domain.
Similar Servers
SageMCP
A scalable platform for hosting MCP servers with multi-tenant support, OAuth integration, and connector plugins for various services, deployed on Kubernetes.
fluidmcp
Orchestrates Model Context Protocol (MCP) servers and LLM inference engines (like vLLM) via a unified FastAPI gateway, enabling dynamic management, tool invocation, and multi-model LLM serving.
mcp-oauth
Provider-agnostic OAuth 2.1 Authorization Server library for Model Context Protocol (MCP) servers, enabling URL-based client identifiers with dynamic metadata discovery (CIMD).
boomi-mcp-server
Provides a secure Model Context Protocol (MCP) server for Claude Code and other AI clients to integrate with Boomi Platform APIs, enabling automated management of Boomi accounts, trading partners, and processes with OAuth 2.0 authentication and cloud-native credential storage.