Skip to main content
Glama
kabirrajsingh

JavaScript MCP Auth Server

JavaScript MCP Auth Server

This package shows the remote MCP auth boundary in JavaScript:

  • Express HTTP server

  • MCP Streamable HTTP transport at /mcp

  • Protected Resource Metadata

  • Bearer token middleware

  • Keycloak token introspection

  • audience validation

  • mcp:tools scope enforcement

  • protected add_numbers and server_status tools

Run

pnpm mcp-auth-server-js install
cp .env.example .env
pnpm mcp-auth-server-js demo:keycloak
pnpm mcp-auth-server-js start

For the demo, configure Keycloak with:

  • client scope: mcp:tools

  • MCP server confidential client: mcp-server

  • demo client/user for obtaining an access token

  • token audience: http://localhost:3000/mcp

Related MCP server: identity-aware-mcp-server

Demo Scripts

pnpm mcp-auth-server-js demo:no-token
pnpm mcp-auth-server-js demo:metadata
pnpm mcp-auth-server-js demo:get-token
pnpm mcp-auth-server-js demo:call-tool
pnpm mcp-auth-server-js demo:bad-scope

The important point is the failure order:

  1. no token returns 401 with WWW-Authenticate

  2. metadata tells the client where auth lives

  3. token introspection rejects inactive tokens

  4. audience validation rejects tokens for another API

  5. scope validation rejects tokens without mcp:tools

F
license - not found
-
quality - not tested
C
maintenance

Maintenance

Maintainers
Response time
Release cycle
Releases (12mo)
Commit activity

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/kabirrajsingh/mcp-server-auth-js'

If you have feedback or need assistance with the MCP directory API, please join our Discord server