| cmd/proxy | ||
| internal | ||
| .gitignore | ||
| config.yaml | ||
| go.mod | ||
| issue_template.md | ||
| LICENSE | ||
| pull_request_template.md | ||
| README.md | ||
open-mcp-auth-proxy
Overview
OpenMCPAuthProxy is a security middleware that implements the Model Context Protocol (MCP) Authorization Specification (2025-03-26). It functions as a proxy between clients and MCP servers, providing robust authentication and authorization capabilities. The proxy intercepts incoming requests, validates authentication tokens, and forwards only authorized requests to the underlying MCP server, enhancing the security posture of your MCP deployment.
Setup and Installation
Prerequisites
- Go 1.20 or higher
- A running MCP server (SSE transport supported)
Installation
git clone https://github.com/wso2/open-mcp-auth-proxy
cd open-mcp-auth-proxy
go build -o openmcpauthproxy ./cmd/proxy
Configuration
Create a configuration file config.yaml with the following parameters:
mcp_server_base_url: "http://localhost:8000" # URL of your MCP server
listen_address: ":8080" # Address where the proxy will listen
Usage Example
1. Start the MCP Server
Create a file named echo_server.py:
from mcp.server.fastmcp import FastMCP
mcp = FastMCP("Echo")
@mcp.resource("echo://{message}")
def echo_resource(message: str) -> str:
"""Echo a message as a resource"""
return f"Resource echo: {message}"
@mcp.tool()
def echo_tool(message: str) -> str:
"""Echo a message as a tool"""
return f"Tool echo: {message}"
@mcp.prompt()
def echo_prompt(message: str) -> str:
"""Create an echo prompt"""
return f"Please process this message: {message}"
if __name__ == "__main__":
mcp.run(transport="sse")
Run the server:
python3 echo_server.py
2. Start the Auth Proxy
./openmcpauthproxy --demo
The --demo flag enables a demonstration mode with pre-configured authentication with Asgardeo.
3. Connect Using an MCP Client
You can use the MCP Inspector to test the connection:
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.