phoenix-oss/open-mcp-auth-proxy-upstream
0
0
Fork 1
mirror of https://github.com/wso2/open-mcp-auth-proxy.git synced 2025-06-28 09:24:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update README.md

Browse source
This commit is contained in:
Omindu Rathnaweera 2025-04-03 02:17:07 +05:30 committed by GitHub
parent e592c721c1
commit 210eabebb9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 17 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

33
README.md
View file

@ -1,10 +1,6 @@
# Open MCP Auth Proxy # Open MCP Auth Proxy
The Model Context Protocol (MCP) specification necessitates that MCP servers use OAuth-based authorization. However, directly implementing OAuth in the MCP servers adds complexity, requires specialized knowledge, and shifts focus away from the server's core functionality. The Open MCP Auth Proxy is a lightweight proxy designed to sit in front of MCP servers and enforce authorization in compliance with the [Model Context Protocol authorization](https://spec.modelcontextprotocol.io/specification/2025-03-26/basic/authorization/) requirements. It intercepts incoming requests, validates Authorization: Bearer tokens, and offloads authentication and authorization to an OAuth-compliant Identity Provider.
The OpenMCPAuth Proxy, a lightweight proxy, sits in front of MCP servers to secure access by enforcing OAuth standards. Concealing the implementation details, it gives the MCP server the inherent ability to function as an authorization provider.
The proxy intercepts incoming requests and validates Authorization: Bearer tokens, but delegates authentication (user login, consent, token issuance) to an Auth Provider, thereby decoupling authentication logic from the core MCP service.
![image](https://github.com/user-attachments/assets/fc728670-2fdb-4a63-bcc4-b9b6a6c8b4ba) ![image](https://github.com/user-attachments/assets/fc728670-2fdb-4a63-bcc4-b9b6a6c8b4ba)
@ -18,7 +14,7 @@ The proxy intercepts incoming requests and validates Authorization: Bearer token
### **Installation** ### **Installation**
``` ```bash
git clone https://github.com/wso2/open-mcp-auth-proxy git clone https://github.com/wso2/open-mcp-auth-proxy
cd open-mcp-auth-proxy cd open-mcp-auth-proxy
go build -o openmcpauthproxy ./cmd/proxy go build -o openmcpauthproxy ./cmd/proxy
@ -26,24 +22,29 @@ go build -o openmcpauthproxy ./cmd/proxy
## Using Open MCP Auth Proxy ## Using Open MCP Auth Proxy
### Quick start with demowear ### Quick Start
Allows you to just enable authorization for your MCP server with the preconfigured auth provider powered by Asgardeo. Allows you to just enable authorization for your MCP server with the preconfigured auth provider powered by Asgardeo.
If you dont have an MCP server, as mentioned in the prerequisites, follow the instructions given here to start your own MCP server for sandbox purposes. If you dont have an MCP server, follow the instructions given here to start your own MCP server for testing purposes.
1. Download [sample MCP server](resources/echo_server.py)
2. Run the server with
```bash
python3 echo_server.py
```
#### Configure the Auth Proxy #### Configure the Auth Proxy
Create a configuration file config.yaml with the following parameters: Create a configuration file config.yaml with the following parameters:
``` ```yaml
mcp_server_base_url: "http://localhost:8000" # URL of your MCP server mcp_server_base_url: "http://localhost:8000" # URL of your MCP server
listen_address: ":8080" # Address where the proxy will listen listen_address: ":8080" # Address where the proxy will listen
``` ```
#### Start the Auth Proxy #### Start the Auth Proxy
``` ```bash
./openmcpauthproxy --demo ./openmcpauthproxy --demo
``` ```
@ -67,7 +68,7 @@ Enable authorization for the MCP server through your own Asgardeo organization
Create a configuration file config.yaml with the following parameters: Create a configuration file config.yaml with the following parameters:
``` ```yaml
mcp_server_base_url: "http://localhost:8000" # URL of your MCP server mcp_server_base_url: "http://localhost:8000" # URL of your MCP server
listen_address: ":8080" # Address where the proxy will listen listen_address: ":8080" # Address where the proxy will listen
@ -79,7 +80,7 @@ asgardeo:
#### Start the Auth Proxy #### Start the Auth Proxy
``` ```bash
./openmcpauthproxy --asgardeo ./openmcpauthproxy --asgardeo
``` ```
@ -95,7 +96,7 @@ Enable authorization for the MCP server through your Auth0 organization
Create a configuration file config.yaml with the following parameters: Create a configuration file config.yaml with the following parameters:
``` ```yaml
mcp_server_base_url: "http://localhost:8000" # URL of your MCP server mcp_server_base_url: "http://localhost:8000" # URL of your MCP server
listen_address: ":8080" # Address where the proxy will listen listen_address: ":8080" # Address where the proxy will listen
``` ```
@ -104,7 +105,7 @@ listen_address: ":8080" # Address where the proxy will
#### Start the Auth Proxy #### Start the Auth Proxy
``` ```bash
./openmcpauthproxy --auth0 ./openmcpauthproxy --auth0
``` ```
@ -116,7 +117,7 @@ Enable authorization for the MCP server with a compliant OAuth server
Create a configuration file config.yaml with the following parameters: Create a configuration file config.yaml with the following parameters:
``` ```yaml
mcp_server_base_url: "http://localhost:8000" # URL of your MCP server mcp_server_base_url: "http://localhost:8000" # URL of your MCP server
listen_address: ":8080" # Address where the proxy will listen listen_address: ":8080" # Address where the proxy will listen
``` ```
@ -124,6 +125,6 @@ listen_address: ":8080" # Address where the proxy will lis
#### Start the Auth Proxy #### Start the Auth Proxy
``` ```bash
./openmcpauthproxy ./openmcpauthproxy
``` ```