JWT Auditor MCP Server

Instructions

Implementation Reference

• server.py:131-165 (handler)

  Implementation of the jwt_generate tool. This handler function generates a JWT token using the provided header, payload, algorithm (HS* or RS*), and key. It handles both symmetric (HMAC) and asymmetric (RSA) signing. The @server.tool() decorator registers it as an MCP tool.
  @server.tool() def jwt_generate(header: dict, payload: dict, alg: str, key: str) -> dict: """Generate a JWT with the given header, payload, algorithm, and key (HS* or RS*).""" import base64 import json import hmac import hashlib try: def b64encode(data): return base64.urlsafe_b64encode(data).rstrip(b'=').decode() header_b64 = b64encode(json.dumps(header, separators=(",", ":")).encode()) payload_b64 = b64encode(json.dumps(payload, separators=(",", ":")).encode()) signing_input = f"{header_b64}.{payload_b64}".encode() alg_upper = alg.upper() if alg_upper in ["HS256", "HS384", "HS512"]: hash_alg = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}[alg_upper] sig = hmac.new(key.encode(), signing_input, hash_alg).digest() signature_b64 = b64encode(sig) elif alg_upper in ["RS256", "RS384", "RS512"]: from cryptography.hazmat.primitives import serialization, hashes from cryptography.hazmat.primitives.asymmetric import padding private_key = serialization.load_pem_private_key(key.encode(), password=None) hash_alg = {"RS256": hashes.SHA256(), "RS384": hashes.SHA384(), "RS512": hashes.SHA512()}[alg_upper] sig = private_key.sign( signing_input, padding.PKCS1v15(), hash_alg ) signature_b64 = b64encode(sig) else: return {"error": f"Unsupported algorithm: {alg}"} jwt = f"{header_b64}.{payload_b64}.{signature_b64}" return {"jwt": jwt} except Exception as e: return {"error": str(e)}