🔒 MCP Server Authentication Reference Collection

🔒 MCP Server Authentication Reference Collection

By localden GitHub

🔒 Reference MCP servers that demo how authentication works with the current Model Context Protocol spec.

security authentication
Overview

What is MCP Server Authentication Reference Collection?

MCP Server Authentication Reference Collection is a repository that provides reference servers demonstrating how authentication works with the Model Context Protocol (MCP) specification.

How to use MCP Server Authentication?

To use the reference servers, clone the repository from GitHub and follow the provided examples to implement authentication scenarios based on your needs.

Key features of MCP Server Authentication?

  • Demonstrates various authentication scenarios using MCP.
  • Supports multiple identity providers like Entra ID and GitHub.
  • Provides different server types: Remote, Local, and Dual-purpose MCP servers.

Use cases of MCP Server Authentication?

  1. Implementing secure authentication for applications using the Model Context Protocol.
  2. Testing authentication flows with different identity providers.
  3. Demonstrating authentication mechanisms in educational or development environments.

FAQ from MCP Server Authentication?

  • Is the code production-ready?

No, the code is for demo purposes only. Always conduct a security audit for production use.

  • What identity providers are supported?

Currently, Entra ID and GitHub are supported for authentication scenarios.

  • Can I run the servers locally?

Yes, there are options for both local and remote server configurations.

Content

IMPORTANT

This is now moved under one of the official Microsoft-supported GitHub organizations. Please use that repository as a point of reference.

🔒 MCP Server Authentication Reference Collection

Reference servers that demo how authentication works with the current Model Context Protocol spec.

WARNING

Code presented here is for demo purposes only. Your specific scenarios (including rules inside your enterprise, specific security controls, or other protection mechanisms) may differ from the ones that are outlined in this repository. Always conduct a security audit and threat modeling for any production and customer-facing assets that require authentication and authorization.

Scenarios

Servers above are designed for various runtime scenarios. They are tagged as follows:

  • Remote MCP servers: Remote MCP Server
  • Local MCP servers: Local MCP Server
  • Dual-purpose MCP servers (can run locally or remotely): Dual-purpose MCP Server

Supported identity providers

ProviderScenarioServer TypeImplementationState
Entra IDConfidential client, mapped to session token.Dual-purpose MCP Serverentra-id-cca-sessionState: Prototype
Entra IDPublic client, using WAMLocal MCP Serverentra-id-local-wamState: Prototype
GitHubGitHub application w/OAuth, mapped to session token.Dual-purpose MCP Servergithub-app-sessionState: Prototype
No tools information available.
MCP Kali Server
MCP Kali Server by Wh0am123

MCP configuration to connect AI agent to a Linux machine.

security mcp
View Details
😎 Contributing

🔥🔒 Awesome MCP (Model Context Protocol) Security 🖥️

security exploit
View Details
mcp-security-sandbox

MCP Security Playground - Hack with MCP Servers, MCP Clients. Try out different vulnerabilities and abuse LLMs and agents in a UI friendly experimentation lab

security playground
View Details
ZeroPath MCP Server
ZeroPath MCP Server by ZeroPathAI

Open-source MCP server for querying ZeroPath security issues, patches, and scans using Claude, Cursor, Windsurf, or any AI assistant.

security appsec
View Details
Arcjet - MCP Server

Arcjet Model Context Protocol (MCP) server. Help your AI agents implement bot detection, rate limiting, email validation, attack protection, data redaction.

security mcp
View Details
MCP Ethical Hacking

MCP Ethical Hacking Security sample for educational

security ai
View Details
better-auth-mcp-server MCP Server

-

better-auth authentication
View Details