JWT verification for LIME MCP resource servers
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
lime-mcp-server-sdk
JWT verification for LIME MCP resource servers (ADR 0081).
Install:
pip install lime-mcp-server-sdk
Quick start
from lime_mcp_server import TokenVerifier
verifier = TokenVerifier() # defaults: https://lime.pics, aud=mcp
result = verifier.verify(bearer_token)
if result.is_valid:
agent_uuid = result.agent_id # alias for claims["sub"]
MCP OAuth JWT identity is claim sub (UUID). There is no separate agent_id claim.
Environment variables
| Variable | Default | Description |
|---|---|---|
LIME_BASE_URL |
https://lime.pics |
LIME origin for OAuth metadata + JWKS |
LIME_OAUTH_AUDIENCE |
mcp |
Expected JWT aud |
LIME_JWKS_CACHE_TTL_SECONDS |
3600 |
Metadata + JWKS cache TTL |
LIME_JWT_VERIFY_LEEWAY_SECONDS |
120 |
Clock skew leeway |
LIME_JWKS_MIN_REFRESH_SECONDS |
60 |
Min interval between forced JWKS refresh |
Development
Monorepo workspace: sdk/lime-mcp-server-sdk/ (gitignored). Standalone repo: github.com/Mawyxx/lime-mcp-server-sdk.
cd sdk/lime-mcp-server-sdk
pip install -e ".[dev]"
ruff check src tests
mypy src/lime_mcp_server
pytest --cov=lime_mcp_server --cov-fail-under=100
Live integration (optional):
LIME_MCP_SERVER_INTEGRATION=1 LIME_AGENT_TOKEN=at_... pytest tests/integration/ -v
Publish (standalone repo)
From monorepo workspace (after local QA):
cd sdk/lime-mcp-server-sdk
git push -u origin main
git tag v0.2.0
git push origin v0.2.0
GitHub Actions on tag v* publishes to PyPI. One-time setup:
- Create project
lime-mcp-server-sdkon pypi.org - PyPI → Publishing → Add a new pending publisher:
- Owner:
Mawyxx, repo:lime-mcp-server-sdk, workflow:publish.yml, environment:pypi
- Owner:
- GitHub repo → Settings → Environments → create
pypi - Push tag:
git push origin v0.2.0(or re-tag and force-push)
Until PyPI is live, install from GitHub:
pip install "lime-mcp-server-sdk @ git+https://github.com/Mawyxx/lime-mcp-server-sdk.git@v0.2.0"
Changelog
0.2.0
- Remove framework adapters (
LimeMcpTokenVerifier,[mcp]extra). Core-only wheel.
0.1.0
- Initial release:
TokenVerifier,TokenValidationResult, JWKS cache.
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file lime_mcp_server_sdk-0.2.0.tar.gz.
File metadata
- Download URL: lime_mcp_server_sdk-0.2.0.tar.gz
- Upload date:
- Size: 10.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
cc9b9df60cfbf51bca400bc385024d78794eaa2dbc5f1e0c95223c58a566f903
|
|
| MD5 |
9f049f2f9bfac0bb91c8989eb61d112f
|
|
| BLAKE2b-256 |
42d7e3c7bf06eddff8c4cd9fee68b7cbcfdd8465ee04302db37d0833d2f8df6a
|
Provenance
The following attestation bundles were made for lime_mcp_server_sdk-0.2.0.tar.gz:
Publisher:
publish.yml on Mawyxx/lime-mcp-server-sdk
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
lime_mcp_server_sdk-0.2.0.tar.gz -
Subject digest:
cc9b9df60cfbf51bca400bc385024d78794eaa2dbc5f1e0c95223c58a566f903 - Sigstore transparency entry: 1984623038
- Sigstore integration time:
-
Permalink:
Mawyxx/lime-mcp-server-sdk@41cca66f25b694b967e341d3862beb044ecdd20a -
Branch / Tag:
refs/tags/v0.2.0 - Owner: https://github.com/Mawyxx
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@41cca66f25b694b967e341d3862beb044ecdd20a -
Trigger Event:
push
-
Statement type:
File details
Details for the file lime_mcp_server_sdk-0.2.0-py3-none-any.whl.
File metadata
- Download URL: lime_mcp_server_sdk-0.2.0-py3-none-any.whl
- Upload date:
- Size: 9.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b6a2d500cde2885df0274e67691ab0f4994675364571311998235d80c229ca85
|
|
| MD5 |
4efe952e700c66251604cb02cdd2beba
|
|
| BLAKE2b-256 |
12347cd6312e75d44991f6abcf536d296c574e633508d259074893e8b1c4e7c5
|
Provenance
The following attestation bundles were made for lime_mcp_server_sdk-0.2.0-py3-none-any.whl:
Publisher:
publish.yml on Mawyxx/lime-mcp-server-sdk
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
lime_mcp_server_sdk-0.2.0-py3-none-any.whl -
Subject digest:
b6a2d500cde2885df0274e67691ab0f4994675364571311998235d80c229ca85 - Sigstore transparency entry: 1984623297
- Sigstore integration time:
-
Permalink:
Mawyxx/lime-mcp-server-sdk@41cca66f25b694b967e341d3862beb044ecdd20a -
Branch / Tag:
refs/tags/v0.2.0 - Owner: https://github.com/Mawyxx
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@41cca66f25b694b967e341d3862beb044ecdd20a -
Trigger Event:
push
-
Statement type:
