mcp-server-auth-poc
Verified Safe by ashera96
Overview
An MCP server demonstrating dual authentication (API Key and OAuth 2.0 Client Credentials) for tool invocation in a stateless mode.
Installation
npm start
Environment Variables
- PORT
- USE_HTTPS
Security Notes
Critical: Hardcoded secrets (API key, JWT secret, OAuth client ID/secret) are present in `src/index.ts`. The OAuth2 token store is in-memory and non-persistent. Broad CORS (`app.use(cors())`) is enabled. These are explicitly noted as POC limitations in the README, requiring significant hardening for production (e.g., using environment variables, persistent storage, and restricted CORS). No 'eval' or malicious patterns were found. The `./generate-certs.sh` script creates self-signed certificates suitable only for development.
Similar Servers
jetski
Jetski is an open-source platform providing analytics, authentication, and simplified client setup for Model Context Protocol (MCP) servers by acting as a proxy.
example-remote-server
A reference server demonstrating all Model Context Protocol (MCP) features and OAuth 2.0 authentication patterns.
mcp-server-playground
A playground and reference implementation for a Model Context Protocol (MCP) server, featuring streamable HTTP transport, OAuth proxy for third-party authorization servers like Auth0, and stateful session management.
mcp-s-oauth
Universal OAuth middleware for MCP (Model Context Protocol) servers, enabling authentication with various OAuth providers.