Open MCP Auth Proxy
by wso2
Open MCP Auth Proxy is a lightweight authorization proxy for Model Context Protocol (MCP) servers. It enforces authorization according to the MCP authorization specification.
Last updated: N/A
What is Open MCP Auth Proxy?
Open MCP Auth Proxy is a proxy server that sits between MCP clients and MCP servers to intercept incoming requests, validate authorization tokens, and offload authentication and authorization to OAuth-compliant Identity Providers, supporting the MCP authorization protocol.
How to use Open MCP Auth Proxy?
To use the Open MCP Auth Proxy, you need to install it, configure it with your MCP server URL and identity provider details (like Asgardeo), and then run it. You can use the --demo flag for quick testing with a pre-configured Asgardeo sandbox. For more advanced usage, you can configure transport modes (SSE or stdio) and CORS settings.
Key features of Open MCP Auth Proxy
Intercepts incoming requests to MCP servers
Validates authorization tokens
Offloads authentication and authorization to OAuth-compliant Identity Providers
Supports the MCP authorization protocol
Supports SSE and stdio transport modes
Integrates with Asgardeo and other OAuth providers
Provides a demo mode for quick testing
Configurable CORS settings
Use cases of Open MCP Auth Proxy
Securing MCP servers with OAuth-based authentication
Implementing fine-grained authorization policies for MCP resources
Centralizing authentication and authorization for multiple MCP servers
Integrating MCP servers with existing identity management systems
FAQ from Open MCP Auth Proxy
What is MCP?
What is MCP?
MCP stands for Model Context Protocol, a protocol for exchanging model data in real-time.
What identity providers are supported?
What identity providers are supported?
The proxy primarily supports Asgardeo, but can be integrated with other OAuth providers like Auth0.
What is the difference between SSE and stdio transport modes?
What is the difference between SSE and stdio transport modes?
SSE is for Server-Sent Events transport, while stdio is for MCP servers that use standard input/output (stdio) transport. Stdio mode allows the proxy to start the MCP server as a subprocess.
How do I configure the proxy with Asgardeo?
How do I configure the proxy with Asgardeo?
You need to register an M2M application in Asgardeo, authorize it to invoke the Application Management API, and then update the config.yaml file with your Asgardeo organization name, client ID, and client secret.
Can I use the proxy with a local MCP server?
Can I use the proxy with a local MCP server?
Yes, you can use the proxy with a local MCP server. The README provides an example of setting up and running a local echo server for testing.