MCP Server Authentication Reference Collection
by localden
This repository provides reference servers that demonstrate authentication with the Model Context Protocol (MCP) specification. These servers are designed for various runtime scenarios and showcase different identity providers.
Last updated: N/A
[!IMPORTANT] This is now moved under one of the official Microsoft-supported GitHub organizations. Please use that repository as a point of reference.
🔒 MCP Server Authentication Reference Collection
Reference servers that demo how authentication works with the current Model Context Protocol spec.
[!WARNING] Code presented here is for demo purposes only. Your specific scenarios (including rules inside your enterprise, specific security controls, or other protection mechanisms) may differ from the ones that are outlined in this repository. Always conduct a security audit and threat modeling for any production and customer-facing assets that require authentication and authorization.
Scenarios
Servers above are designed for various runtime scenarios. They are tagged as follows:
- Remote MCP servers:
Remote MCP Server
- Local MCP servers:
Local MCP Server
- Dual-purpose MCP servers (can run locally or remotely):
Dual-purpose MCP Server
Supported identity providers
| Provider | Scenario | Server Type | Implementation | State | |:---------|:---------|:------------|:---------------|:------| | Entra ID | Confidential client, mapped to session token. |
Dual-purpose MCP Server
entra-id-cca-session | 
State: Prototype
Local MCP Server
entra-id-local-wam | State: Prototype
Dual-purpose MCP Server
github-app-session | State: Prototype