Skip to main content

Drop-in OAuth 2.1 + Dynamic Client Registration token verification for Python MCP servers, backed by mcpauth.

Project description

getmcpauth

PyPI version license

Drop-in OAuth 2.1 + Dynamic Client Registration (RFC 7591) token verification for Python MCP servers, backed by mcpauth.

Implements the official mcp SDK's TokenVerifier protocol — the official SDK ships a full bearer-auth middleware stack (BearerAuthBackend, RequireAuthMiddleware) but no ready-made verifier that actually checks a token against a real authorization server. This package is that verifier.

Install

pip install getmcpauth

Usage

import os
from mcp.server.fastmcp import FastMCP
from getmcpauth import McpAuthTokenVerifier, build_auth_settings

mcp = FastMCP(
    "my-server",
    token_verifier=McpAuthTokenVerifier(
        "https://getmcpauth.dev/api/oauth/introspect",
        registration_secret=os.environ["MCPAUTH_SECRET"],
    ),
    auth=build_auth_settings(
        "https://getmcpauth.dev",
        resource_server_url="https://my-server.example.com",
    ),
)

Get a registration_secret by creating a project at getmcpauth.dev/dashboard.

API

  • McpAuthTokenVerifier — implements mcp.server.auth.provider.TokenVerifier. Successful verifications are cached in-process (default 30s) so a chatty agent conversation doesn't trigger a network round trip on every tool call.
  • build_auth_settings(issuer_url, *, resource_server_url, required_scopes=None) — builds an AuthSettings for FastMCP with Dynamic Client Registration enabled.
  • required_scope_for_call(body) / is_authorized(required_scope, granted_scopes) / check_batch(bodies, granted_scopes) — helpers for MCP-native tool scoping (tool:<name> scope strings mapped directly to tools/call requests).

Full docs: getmcpauth.dev/docs

Development

pip install -e ".[test]"
pytest

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

getmcpauth-0.1.0.tar.gz (5.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

getmcpauth-0.1.0-py3-none-any.whl (6.3 kB view details)

Uploaded Python 3

File details

Details for the file getmcpauth-0.1.0.tar.gz.

File metadata

  • Download URL: getmcpauth-0.1.0.tar.gz
  • Upload date:
  • Size: 5.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.13

File hashes

Hashes for getmcpauth-0.1.0.tar.gz
Algorithm Hash digest
SHA256 39560cdd514109a8720fe034cb3c6bbc77bc33215008f146b073d2de5a7cb5ab
MD5 801255973866e732bcf73c42edd11f93
BLAKE2b-256 e2fe1a501d186a56641d605ca1a880b58b17c51a0761bfd78b977bb6aff9b89d

See more details on using hashes here.

File details

Details for the file getmcpauth-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: getmcpauth-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 6.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.13

File hashes

Hashes for getmcpauth-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 03f47fa7fa85d64ad49730224046b853e1d6cc542662a3a99dd80ddc505b9b33
MD5 4cebfbffec8ad2c60e0cf6cb34195c87
BLAKE2b-256 ed28f7762d19468cb4c201c1516ea41598b0a849df43f10508ca54905815339c

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page