yilmazali325

mcpauth

Community yilmazali325
Updated

Drop-in OAuth 2.1 + Dynamic Client Registration for MCP servers, backed by mcpauth (https://getmcpauth.dev)

mcpauth

npm versionnpm downloadslicense

Drop-in OAuth 2.1 + Dynamic Client Registration (RFC 7591) for MCP servers, backed by mcpauth.

Wraps the official @modelcontextprotocol/sdk's requireBearerAuth middleware so unauthenticated or invalid requests get rejected with a spec-correct 401 before they ever reach your MCP server's handlers.

Install

npm install getmcpauth

Usage

import express from "express";
import { mcpAuth } from "getmcpauth";

const app = express();

app.use(
  "/mcp",
  mcpAuth({ registrationSecret: process.env.MCPAUTH_SECRET })
);

// Unauthenticated or invalid requests never reach this handler.
app.post("/mcp", handleMcpRequest);

Get a registrationSecret by creating a project at getmcpauth.dev/dashboard — it's your MCP server's credential for both Dynamic Client Registration and token verification.

MCP clients (Claude, ChatGPT, custom agent frameworks) then discover your auth setup automatically via /.well-known/oauth-authorization-server — no manual client configuration needed.

API

  • mcpAuth(options) — the middleware above. Successful token verifications are cached in-process (default 30s) so a chatty agent conversation doesn't trigger a network round trip on every tool call.
  • McpAuthTokenVerifier — implements the official SDK's OAuthTokenVerifier interface directly, for non-Express use.
  • mintToken(options) — for MCP servers embedded in a product that already has its own users: your backend, which already knows who its logged-in user is, mints a token server-to-server without routing that user through mcpauth's own login.
  • protectedResourceMetadata(options) / mcpAuthResourceMetadataHandler(options) — RFC 9728 resource-metadata helpers.

Full docs: getmcpauth.dev/docs

License

MIT

MCP Server · Populars

MCP Server · New

    cauldr0nx

    EspoCRM MCP Server

    Opensource MCP Server for EspoCRM

    Community cauldr0nx
    cisco-open

    Network Sketcher

    Network Sketcher is an AI-ready network design tool with Local MCP, Online, and Offline editions for creating network designs and exporting PowerPoint diagrams and Excel-based configuration data.

    Community cisco-open
    IvanMurzak

    ✨ AI Game Developer — Godot MCP

    Godot-MCP — Model Context Protocol (MCP) integration for the Godot Engine. AI tools for the Godot Editor in C#, with cloud connection to ai-game.dev. Apache-2.0.

    Community IvanMurzak
    cyberlife-coder

    velesdb

    The local-first memory engine for AI agents. One offline Rust binary fuses vector + graph + columnar under SQL — remember / recall / why over the Model Context Protocol. why() reconnects a decision to its context across sessions, where pure vector recall (Mem0/Zep) goes blind. Runs on server, laptop, browser, edge. Zero cloud.

    Community cyberlife-coder
    abskrj

    velane

    Velane is integration infrastructure agents actually control — 800+ OAuth integrations, sandboxed Bun and Python execution, and a full deployment pipeline managed via MCP

    Community abskrj