mcp-auth-go-sdk
Verified Safe by djoreilly
Overview
Tests OAuth support for the Model Context Protocol (MCP) Go SDK using Keycloak and MCP Inspector, providing an example MCP server with authenticated tools.
Installation
go run .
Security Notes
Implements standard OAuth 2.0 Bearer token authentication with JWT validation using Keycloak as the OIDC provider. It fetches and automatically refreshes JWKS for cryptographic key validation, which is good practice. The server binds to localhost, limiting direct external exposure. No obvious malicious patterns, 'eval' usage, or hardcoded sensitive secrets are present for its intended purpose as an example server. Production deployments would typically require additional hardening such as rate limiting (which the code explicitly notes as a potential need).
Similar Servers
oauth-mcp-proxy
OAuth 2.1 authentication library for Go MCP servers, supporting both mark3labs and official SDKs for token validation and caching.
keycloak-mcp
Manages Keycloak users, realms, clients, roles, and groups through a standardized Model Context Protocol (MCP) interface for AI agents.
mcp-server-playground
A playground and reference implementation for a Model Context Protocol (MCP) server, featuring streamable HTTP transport, OAuth proxy for third-party authorization servers like Auth0, and stateful session management.
mcp-oauth
Provider-agnostic OAuth 2.1 Authorization Server library for Model Context Protocol (MCP) servers, enabling URL-based client identifiers with dynamic metadata discovery (CIMD).