phoenix-oss/open-mcp-auth-proxy-upstream
0
0
Fork 1
mirror of https://github.com/wso2/open-mcp-auth-proxy.git synced 2026-02-07 04:34:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
Authentication and Authorization Proxy for MCP Servers
92 commits 10 branches 5 tags 423 KiB
Find a file
Exact
Thilina Shashimal Senarath 081f010c8f
Some checks failed
Go CI / Test (push) Failing after 13s
Details
Go CI / Test-1 (push) Failing after 13s
Details
Go CI / Build (push) Successful in 34s
Details
Go CI / Build-1 (push) Successful in 35s
Details
Go CI / Build-2 (push) Successful in 35s
Details
Go CI / Build-3 (push) Successful in 48s
Details
Merge pull request #46 from sahandilshan/main 
Add deprecation note
2026-02-02 11:49:08 +05:30
.github Update release workflow action 2025-06-22 20:52:01 +05:30
cmd/proxy Misc improvements 2025-08-11 16:39:35 +05:30
docs/integrations Improve formatting 2025-04-15 09:12:51 +05:30
internal Merge pull request #42 from shashimalcse/fix-baseurl 2025-09-25 12:47:47 +05:30
resources Improve example MCP server 2025-08-11 16:39:46 +05:30
.gitignore Handle spawning subprocess within windows 2025-05-18 16:14:09 +05:30
config.yaml Misc improvements 2025-08-11 16:39:35 +05:30
CONTRIBUTING.md Improve readme 2025-08-06 14:50:20 +05:30
go.mod Add release workflow (#23) 2025-04-18 15:12:32 +05:30
go.sum Add release workflow (#23) 2025-04-18 15:12:32 +05:30
issue_template.md Add Issue Template 2025-04-02 10:47:50 +05:30
LICENSE Initial commit 2025-04-02 10:45:59 +05:30
Makefile Move build from source to the end of readme 2025-05-18 16:44:10 +05:30
pull_request_template.md Remove unnecessary fields from PR template 2025-05-03 01:06:41 +05:30
README.md Deprecation note 2026-02-02 11:46:25 +05:30

README.md

⚠️ Repository Deprecation Notice

This repository is officially DEPRECATED and has been ARCHIVED.

WSO2 is no longer actively contributing to or maintaining this project.

  • No new features will be added.
  • No security patches or bug fixes will be provided.
  • Issues and Pull Requests have been closed.

Why is this happening?

This solution is being deprecated to focus our efforts on more modern Identity and Access Management (IAM) and MCP (Model Context Protocol) implementations.

What should you do?

If you are currently using this proxy, we recommend:

  1. Forking the repository if you need to continue development for your own use cases.
  2. Transition to Official WSO2 MCP Support: The capabilities previously explored in this proxy are now being integrated into WSO2s core identity offerings. We recommend migrating to these officially supported solutions for production use cases:

Open MCP Auth Proxy

A lightweight authorization proxy for Model Context Protocol (MCP) servers that enforces authorization according to the MCP authorization specification

🚀 Release 💬 Stackoverflow 💬 Discord 🐦 Twitter 📝 License

Architecture Diagram

🚀 Features

  • Dynamic Authorization: based on MCP Authorization Specification.
  • JWT Validation: Validates the tokens signature, checks the audience claim, and enforces scope requirements.
  • Identity Provider Integration: Supports integrating any OAuth/OIDC provider such as Asgardeo, Auth0, Keycloak, etc.
  • Protocol Version Negotiation: via MCP-Protocol-Version header.
  • Flexible Transport Modes: Supports STDIO, SSE and streamable HTTP transport options.

🛠️ Quick Start

Prerequisites

  • A running MCP server (Use the example MCP server if you don't have an MCP server already)
  • An MCP client that supports MCP authorization specification

  1. Download the latest release from Github releases.

  2. Start the proxy in demo mode (uses pre-configured authentication with Asgardeo sandbox):

  • Linux/macOS:
./openmcpauthproxy --demo
  • Windows:
.\openmcpauthproxy.exe --demo
  1. Connect using an MCP client like MCP Inspector.

🔒 Integrate an Identity Provider

Asgardeo

To enable authorization through your Asgardeo organization:

  1. Register and create an organization in Asgardeo

  2. Create an M2M application

  3. Authorize this application to invoke "Application Management API" with the internal_application_mgt_create scope image

  4. Update config.yaml with the following parameters.

base_url: "http://localhost:8000"                              # URL of your MCP server  
listen_port: 8080                                              # Address where the proxy will listen

resource_identifier: "http://localhost:8080"                 # Proxy server URL
scopes_supported:                                            # Scopes required to defined for the MCP server
- "read:tools"
- "read:resources"
audience: "<audience_value>"                                 # Access token audience
authorization_servers:                                       # Authorization server issuer identifier(s)
- "https://api.asgardeo.io/t/acme"
jwks_uri: "https://api.asgardeo.io/t/acme/oauth2/jwks"       # JWKS URL
  1. Start the proxy with Asgardeo integration:
./openmcpauthproxy --asgardeo

Other OAuth Providers

Transport Modes

STDIO Mode

When using stdio mode, the proxy:

  • Starts an MCP server as a subprocess using the command specified in the configuration
  • Communicates with the subprocess through standard input/output (stdio)

Note

: Any commands specified (like npx in the example below) must be installed on your system first

  1. Configure stdio mode in your config.yaml:
stdio:
  enabled: true
  user_command: "npx -y @modelcontextprotocol/server-github"  # Example using a GitHub MCP server
  env:                           # Environment variables (optional)
    - "GITHUB_PERSONAL_ACCESS_TOKEN=gitPAT"
  1. Run the proxy with stdio mode:
./openmcpauthproxy --demo
  • SSE Mode (Default): For Server-Sent Events transport
  • Streamable HTTP Mode: For Streamable HTTP transport

Available Command Line Options

# Start in demo mode (using Asgardeo sandbox)
./openmcpauthproxy --demo

# Start with your own Asgardeo organization
./openmcpauthproxy --asgardeo

# Use stdio transport mode instead of SSE
./openmcpauthproxy --demo --stdio

# Enable debug logging
./openmcpauthproxy --demo --debug

# Show all available options
./openmcpauthproxy --help

Contributing

We appreciate your contributions, whether it is improving documentation, adding new features, or fixing bugs. To get started, please refer to our contributing guide.