mcp-forge-python
Verified Safe
by bercianor
Overview
A production-ready MCP (Model Context Protocol) server template for building AI-powered applications with OAuth 2.0 authentication and JWT validation.
Installation
uv run http
Environment Variables
- MCP_CLIENT_ID
- MCP_CLIENT_SECRET
Security Notes
The server employs several strong security measures:

- JWT condition checks are evaluated without `eval`.
- CORS is configurable.
- Sensitive headers are redacted in access logs.
- Basic rate limiting applies to JWT validation.
- OAuth/JWKS URIs are whitelisted to prevent SSRF attacks.
- Environment variable expansion in configuration (`safe_expandvars`) is likewise restricted to a whitelist.

Secrets (`client_id`, `client_secret`) are expected to be provided via environment variables (`MCP_CLIENT_ID`, `MCP_CLIENT_SECRET`) or Kubernetes secrets, not hardcoded. The `jwt_exposed_claims` configuration controls which JWT claims are accessible to tools, mitigating PII leakage. The default host is `127.0.0.1` to prevent accidental exposure, with clear warnings about changing it to `0.0.0.0`.

The project encourages an 'external' JWT strategy that offloads validation to an upstream proxy. This is a robust pattern as long as the server is reachable only through that proxy and the proxy overwrites, rather than forwards, any identity headers a client supplies; otherwise a direct connection could present forged headers.
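The checks listed above are easy to get subtly wrong (an `eval`-based condition, a JWKS allowlist that can be bypassed with a userinfo prefix, an expandvars that leaks arbitrary environment). The following is an added example written for this page, not mcp-forge-python's own code: the function names, the allowlist format, the redaction list and the condition syntax are assumptions made here, and the sample values are constructed.

```python
"""Hardening checks of the kind listed in the Security Notes above.

Added example, not mcp-forge-python's own code: the function names, the
allowlist format and the condition syntax are assumptions made here.
"""
from __future__ import annotations

import ipaddress
import os
import re
from urllib.parse import urlparse

# Constructed allowlist of origins the server may contact for OAuth metadata
# or JWKS documents; everything else (including link-local metadata services)
# is refused before any HTTP request is made.
ALLOWED_OAUTH_ORIGINS = {"https://auth.example.com", "https://login.example.net"}

# Request headers that must never reach the access log in clear.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "x-api-key"}

# Only these configuration placeholders may be expanded from the environment.
EXPANDABLE_VARS = frozenset({"MCP_CLIENT_ID", "MCP_CLIENT_SECRET"})


def is_allowed_oauth_uri(uri: str) -> bool:
    """Allowlist an OAuth/JWKS URI by origin, failing closed on anything odd."""
    parsed = urlparse(uri)
    if parsed.scheme != "https" or not parsed.hostname:
        return False
    if parsed.username or parsed.password:      # https://auth.example.com@evil/...
        return False
    try:
        ipaddress.ip_address(parsed.hostname)   # literal IPs are never allowed
        return False
    except ValueError:
        pass
    try:
        port = parsed.port                      # malformed port -> ValueError
    except ValueError:
        return False
    host = parsed.hostname                      # already lower-cased by urlparse
    origin = f"https://{host}" if port in (None, 443) else f"https://{host}:{port}"
    return origin in ALLOWED_OAUTH_ORIGINS


_PLACEHOLDER = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}|\$([A-Za-z_][A-Za-z0-9_]*)")


def safe_expandvars(value: str, env: dict[str, str] | None = None) -> str:
    """Like os.path.expandvars, but only allowlisted names are substituted."""
    source = os.environ if env is None else env

    def substitute(match: re.Match[str]) -> str:
        name = match.group(1) or match.group(2)
        if name in EXPANDABLE_VARS and name in source:
            return source[name]
        return match.group(0)                   # leave other placeholders verbatim

    return _PLACEHOLDER.sub(substitute, value)


def redact_headers(headers: dict[str, str]) -> dict[str, str]:
    """Copy of the headers with sensitive values replaced, for access logging."""
    return {k: "[REDACTED]" if k.lower() in SENSITIVE_HEADERS else v
            for k, v in headers.items()}


def exposed_claims(claims: dict, jwt_exposed_claims: list[str]) -> dict:
    """Project a validated JWT payload down to the claims tools may see."""
    return {name: claims[name] for name in jwt_exposed_claims if name in claims}


_CONDITION = re.compile(r"^\s*(\w+)\s+(==|!=|contains)\s+(\S+)\s*$")


def check_condition(claims: dict, condition: str) -> bool:
    """Evaluate 'claim OP value' against a JWT payload without eval().

    Unknown syntax and missing claims fail closed.
    """
    match = _CONDITION.match(condition)
    if not match:
        return False
    name, op, expected = match.groups()
    if name not in claims:
        return False
    actual = claims[name]
    if op == "==":
        return actual == expected
    if op == "!=":
        return actual != expected
    if isinstance(actual, str):                 # space-separated scope string
        return expected in actual.split()
    if isinstance(actual, (list, tuple)):       # array claim such as "roles"
        return expected in actual
    return False
```

Each function fails closed: a URI with a userinfo component, a literal IP, or a non-https scheme is rejected outright rather than normalised; a placeholder outside the allowlist is left untouched instead of expanded; and a condition that does not match the tiny grammar returns `False`, so a string like `__import__('os').system(...)` is never executed.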
Similar Servers
example-remote-server
A reference server demonstrating all Model Context Protocol (MCP) features and OAuth 2.0 authentication patterns.
mcp-python-starter
A feature-complete Model Context Protocol (MCP) server template in Python for developing AI applications and agents.
mcp-server-python-template
This server acts as a template for building Model Context Protocol (MCP) servers in Python, specifically demonstrating how to expose weather-related tools (get_alerts, get_forecast) by integrating with an external API (National Weather Service) to provide context and actions for AI models.
mcp-go-starter
A feature-complete Model Context Protocol (MCP) server template in Go demonstrating tools, resources, and prompts for AI agent interaction.