A
securityF
licenseA
qualityA Model Context Protocol server that allows secure execution of pre-approved commands, enabling AI assistants to safely interact with the user's system.
Last updated -
1
3
18
JavaScript
Integrations
Manages environment variables for server configuration, including JWT secrets.
Serves as the web framework for the MCP server, handling HTTP requests and SSE connections for AI tool communication.
Used for version control and project setup via cloning.
🔐 SSE MCP Server with JWT Authentication
This is a Model Context Protocol (MCP) SSE server with JWT-based authentication.
It allows you to expose multiple AI tools over an SSE transport, protected via secure Bearer Token flow.
Built with:
- 🚀 Node.js + Express
- 🧩 @modelcontextprotocol/sdk
- 🔒 JSON Web Tokens (JWT) for authentication
- ⚙️ Zod for input validation
✅ Fully tested with
@modelcontextprotocol/inspector
📂 Project Structure
Copy
✨ Features
- ✅ Secure SSE connection using Bearer JWT token
- ✅ Dynamic Tool registration (echo, time, random number, etc.)
- ✅ Tested with MCP Inspector
- ✅ Logs all request lifecycle events
- ✅ Session management for /message endpoint
- 🚀 Ready to extend for production use
⚙️ Setup
1. Clone the repository
Copy
2. Install dependencies
Copy
3. Create .env file
Copy
4. Run the server
Copy
✅ Server will run on:
Copy
🧪 Testing the server with MCP Inspector
Step 1 — Install MCP Inspector
📖 Official Docs: MCP Inspector
Copy
Step 2 — Generate a token
Use cURL to get your JWT token:
Copy
✅ Example response:
Copy
Step 3 — Connect MCP Inspector
- Open Inspector UI
- Set Transport Type: SSE
- URL: Copy
- Add Authorization Header:Copy
- Click Connect
🎉 Success! Your server is now connected.
Step 4 — Test tools
Go to Tools tab in Inspector and click List Tools.
You will see:
- ✅
test - ✅
echo - ✅
get-time - ✅
random-number
Test them and enjoy!
📖 API Reference
🔑 Generate Token
Copy
🔌 SSE Endpoint (requires token)
Copy
📩 Send Message to active session
Copy
🧩 Tools Reference
| Tool Name | Description |
|---|---|
test | Test connection (security check) |
echo | Echo back provided message |
get-time | Returns current server time |
random-number | Returns random number (min/max) |
🗓️ Upcoming Changes
- Token revocation list (blacklist)
- Role-based tool access (scope checks)
- Session heartbeat / keep-alive
- Rate limiting & logging
- Dockerization for deployment
📚 Useful Resources
👨💻 Maintainer
Aniket
📄 License
This project is open-source and free to use.
🚀 Build. Secure. Empower.
This server cannot be installed
remote-capable server
The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.
A Model Context Protocol server that exposes multiple AI tools over SSE transport with JWT-based secure authentication, allowing for dynamic tool registration and session management.
Related MCP Servers
- -securityAlicense-qualityA Model Context Protocol server that enables seamless execution of commands, Python code, web content fetching, and reusable task management with secure credentials handling.Last updated -2PythonMIT License
- -securityFlicense-qualityA comprehensive Model Context Protocol server implementation that enables AI assistants to interact with file systems, databases, GitHub repositories, web resources, and system tools while maintaining security and control.Last updated -16TypeScript
- -securityAlicense-qualityA Model Context Protocol server that provides AI agents with secure access to local filesystem operations, enabling reading, writing, and managing files through a standardized interface.Last updated -141TypeScriptApache 2.0