authful-mcp-proxy
Verified Safe, by stephaneberle9
Overview
A Model Context Protocol (MCP) proxy server that performs OIDC authentication to obtain access tokens for remote MCP servers protected by token validation, and bridges HTTP transport to local stdio for MCP clients.
Installation
uvx authful-mcp-proxy --oidc-issuer-url https://auth.example.com --oidc-client-id my-client https://mcp.example.com/mcp
Environment Variables
- MCP_BACKEND_URL
- OIDC_ISSUER_URL
- OIDC_CLIENT_ID
- OIDC_CLIENT_SECRET
- OIDC_SCOPES
- OIDC_REDIRECT_URL
- MCP_PROXY_DEBUG
Security Notes
The server implements the OAuth 2.0 Authorization Code Flow with PKCE, which is a secure method for public clients. It validates the `state` parameter with `secrets.compare_digest` to prevent CSRF on the redirect, and securely stores tokens locally using a `DiskStore`. Configuration (client ID, secret) is expected via environment variables or CLI arguments, so no secrets are hardcoded. The proxy opens a local HTTP server to receive the OIDC redirect, which is standard and expected behavior for desktop applications. Local token storage always carries an inherent risk if the user's machine is compromised, but the implementation adheres to OIDC best practices to minimize common vulnerabilities.
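The two mechanisms named above, PKCE (S256) and constant-time state validation on the redirect, as an added illustration that is not the project's own code; the authorize endpoint and callback URL below are constructed for the example (the real proxy discovers endpoints from the issuer's OIDC metadata):

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical endpoint for the example; a real client takes this from
# the issuer's discovery document, not from a constant.
AUTHORIZE_ENDPOINT = "https://auth.example.com/authorize"


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_verifier() -> str:
    # 32 random bytes encode to a 43-char verifier, the RFC 7636 minimum length.
    return b64url(secrets.token_bytes(32))


def challenge_for(verifier: str) -> str:
    # S256 method: BASE64URL(SHA256(ASCII(code_verifier)))
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorize_url(client_id: str, redirect_uri: str, scopes: str,
                        state: str, verifier: str) -> str:
    """Authorization request; only the challenge, never the verifier, leaves the client."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scopes,
        "state": state,
        "code_challenge": challenge_for(verifier),
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def handle_callback(callback_url: str, expected_state: str):
    """Return the authorization code only if the state matches in constant time.

    A mismatch means the redirect was not produced by the authorize request
    this client started, so the code must be discarded (CSRF defence).
    """
    query = parse_qs(urlparse(callback_url).query)
    received_state = query.get("state", [""])[0]
    if not secrets.compare_digest(expected_state, received_state):
        return None
    return query.get("code", [None])[0]
```

The verifier is later sent in the token request so the issuer can check `SHA256(verifier)` against the challenge it stored, which binds the code to this client.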
Similar Servers
mcp-context-forge
Converts web content fetched from a URL (HTML, PDF, DOCX, etc.) and local files into high-quality Markdown. It supports multiple conversion engines, content optimization, batch processing, and image handling.
jetski
Jetski is an open-source platform providing analytics, authentication, and simplified client setup for Model Context Protocol (MCP) servers by acting as a proxy.
mcp-server-playground
A playground and reference implementation for a Model Context Protocol (MCP) server, featuring streamable HTTP transport, OAuth proxy for third-party authorization servers like Auth0, and stateful session management.
mcp-marketplace
A comprehensive AI agent framework that facilitates tool orchestration and access to a marketplace of MCP (Model Context Protocol) servers, offering a web-based client for chat, administration, and benchmarking.