Supports interaction with the MCP server using curl commands for making tool calls, including examples for getting channel information, sending messages, and searching messages.
Provides tools for sending messages to Discord channels, fetching recent messages, retrieving channel information, searching for messages containing keywords, and moderating content by deleting specific messages.
Mentioned as a compatible API testing tool that can be used with the MCP server for making tool calls and testing the Discord integration.
Discord MCP Server with Bearer Token Authentication
A secure Discord MCP (Model Context Protocol) server that provides Discord integration tools with JWT Bearer Token authentication.
🔐 Security Features
Bearer Token Authentication using JWT tokens
Discord token protection - tokens are embedded in JWT claims, not passed as parameters
Audit logging - all tool calls are logged with user information
Temporary bot connections - no persistent Discord bot instances
RSA key pair encryption for token signing and verification
📋 Available Tools
Tool | Description |
| Send messages to Discord channels |
| Fetch recent messages from channels |
| Get channel metadata and information |
| Search for messages containing keywords |
| Delete specific messages from channels |
🚀 Setup and Installation
Prerequisites
Python 3.8+
Discord bot token with appropriate permissions
Virtual environment (recommended)
Installation
Install dependencies (already installed in your venv):
pip install discord.py fastapi fastmcp uvicorn python-dotenv PyJWTCreate a Discord bot and get your bot token:
Go to Discord Developer Portal
Create a new application and bot
Copy the bot token
Invite the bot to your server with necessary permissions
Set up environment variables (optional):
# Create .env file echo "DISCORD_TOKEN=your_discord_bot_token_here" > .env
🏃♂️ Running the Server
Start the Server
The server will start on http://localhost:8000
and display:
Available tools
Authentication information
Token generation instructions
Generate Access Token
Replace YOUR_DISCORD_TOKEN
with your actual Discord bot token:
🔧 Using the Server
Authentication
All requests must include a JWT Bearer token in the Authorization header:
Making Tool Calls
Endpoint: POST /mcp/v1/tools/invoke
Headers:
Request Format:
Examples
Get Channel Information
Send a Message
Search Messages
🧪 Testing
Use the provided test script to verify your setup:
📊 Monitoring and Logs
Audit logs are written to
audit.log
Server logs are displayed in the console
Each tool call is logged with user ID, parameters, and success/failure status
🏗️ Architecture
Authentication Flow
Token Generation: Discord token is embedded in JWT claims
Request Authentication: JWT is validated using RSA public key
Token Extraction: Discord token is extracted from validated JWT
Tool Execution: Temporary Discord bot connection is created
Cleanup: Bot connection is properly closed after operation
Security Benefits
No token exposure: Discord tokens never appear in request parameters
Centralized auth: Single authentication point for all tools
Audit trail: Complete logging of all authenticated operations
Temporary connections: No persistent bot instances reduce attack surface
🔒 Security Considerations
Development vs Production
Development: Uses generated RSA key pairs (current setup)
Production: Should use external OAuth 2.1 provider or IdP
Token Security
JWT tokens expire after 1 hour (configurable)
Discord tokens are embedded in JWT claims, not visible in requests
RSA encryption ensures token integrity
Best Practices
Rotate tokens regularly in production
Use HTTPS for all communications
Store Discord tokens securely (environment variables, secrets manager)
Monitor audit logs for unusual activity
Implement rate limiting if needed
🤝 Integration with MCP Clients
This server follows the MCP specification and can be used with:
Claude Desktop with MCP integration
Custom MCP clients
API testing tools (Postman, curl, etc.)
📚 References
🐛 Troubleshooting
Common Issues
"No Discord token found in authentication"
Verify your JWT token contains the Discord token in claims
Check token generation with correct Discord bot token
"Bot doesn't have permission"
Ensure Discord bot has necessary permissions in the server
Check channel permissions specifically
"Server not reachable"
Verify server is running on localhost:8000
Check for port conflicts
"Invalid token"
Token may be expired (1 hour default)
Generate a new token
Verify token format in Authorization header
This server cannot be installed
remote-capable server
The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.
A secure server that enables interaction with Discord channels through JWT-authenticated API calls, allowing users to send messages, fetch channel data, search content, and perform moderation actions.
Related MCP Servers
- AsecurityAlicenseAqualityEnables direct interaction with the Discord API using both REST API calls and slash command syntax for bot management, server configuration, and message operations.Last updated -8MIT License
- -securityFlicense-qualityEnables LLMs to interact with Discord channels by sending and reading messages through Discord's API, with a focus on maintaining user control and security.Last updated -126138
- AsecurityAlicenseAqualityA Discord Model Context Protocol server that enables AI assistants to interact with Discord, providing functionality for sending messages, managing channels, handling forum posts, and working with reactions.Last updated -222547MIT License
- AsecurityAlicenseAqualityA Discord MCP server that enables AI assistants to interact with Discord platforms, providing functionalities like sending messages, managing channels, creating forum posts, and handling webhooks.Last updated -21251MIT License