Skip to main content

JWT verification for LIME MCP resource servers

Project description

lime-mcp-server-sdk

JWT verification for LIME MCP resource servers (ADR 0081).

Install:

pip install lime-mcp-server-sdk

Quick start

from lime_mcp_server import TokenVerifier

verifier = TokenVerifier()  # defaults: https://lime.pics, aud=mcp
result = verifier.verify(bearer_token)
if result.is_valid:
    agent_uuid = result.agent_id  # alias for claims["sub"]

MCP OAuth JWT identity is claim sub (UUID). There is no separate agent_id claim.

Environment variables

Variable Default Description
LIME_BASE_URL https://lime.pics LIME origin for OAuth metadata + JWKS
LIME_OAUTH_AUDIENCE mcp Expected JWT aud
LIME_JWKS_CACHE_TTL_SECONDS 3600 Metadata + JWKS cache TTL
LIME_JWT_VERIFY_LEEWAY_SECONDS 120 Clock skew leeway
LIME_JWKS_MIN_REFRESH_SECONDS 60 Min interval between forced JWKS refresh

Development

Monorepo workspace: sdk/lime-mcp-server-sdk/ (gitignored). Standalone repo: github.com/Mawyxx/lime-mcp-server-sdk.

cd sdk/lime-mcp-server-sdk
pip install -e ".[dev]"
ruff check src tests
mypy src/lime_mcp_server
pytest --cov=lime_mcp_server --cov-fail-under=100

Live integration (optional):

LIME_MCP_SERVER_INTEGRATION=1 LIME_AGENT_TOKEN=at_... pytest tests/integration/ -v

Publish (standalone repo)

From monorepo workspace (after local QA):

cd sdk/lime-mcp-server-sdk
git push -u origin main
git tag v0.2.0
git push origin v0.2.0

GitHub Actions on tag v* publishes to PyPI. One-time setup:

  1. Create project lime-mcp-server-sdk on pypi.org
  2. PyPI → PublishingAdd a new pending publisher:
    • Owner: Mawyxx, repo: lime-mcp-server-sdk, workflow: publish.yml, environment: pypi
  3. GitHub repo → Settings → Environments → create pypi
  4. Push tag: git push origin v0.2.0 (or re-tag and force-push)

Until PyPI is live, install from GitHub:

pip install "lime-mcp-server-sdk @ git+https://github.com/Mawyxx/lime-mcp-server-sdk.git@v0.2.0"

Changelog

0.2.0

  • Remove framework adapters (LimeMcpTokenVerifier, [mcp] extra). Core-only wheel.

0.1.0

  • Initial release: TokenVerifier, TokenValidationResult, JWKS cache.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

lime_mcp_server_sdk-0.2.0.tar.gz (10.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

lime_mcp_server_sdk-0.2.0-py3-none-any.whl (9.3 kB view details)

Uploaded Python 3

File details

Details for the file lime_mcp_server_sdk-0.2.0.tar.gz.

File metadata

  • Download URL: lime_mcp_server_sdk-0.2.0.tar.gz
  • Upload date:
  • Size: 10.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for lime_mcp_server_sdk-0.2.0.tar.gz
Algorithm Hash digest
SHA256 cc9b9df60cfbf51bca400bc385024d78794eaa2dbc5f1e0c95223c58a566f903
MD5 9f049f2f9bfac0bb91c8989eb61d112f
BLAKE2b-256 42d7e3c7bf06eddff8c4cd9fee68b7cbcfdd8465ee04302db37d0833d2f8df6a

See more details on using hashes here.

Provenance

The following attestation bundles were made for lime_mcp_server_sdk-0.2.0.tar.gz:

Publisher: publish.yml on Mawyxx/lime-mcp-server-sdk

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file lime_mcp_server_sdk-0.2.0-py3-none-any.whl.

File metadata

File hashes

Hashes for lime_mcp_server_sdk-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 b6a2d500cde2885df0274e67691ab0f4994675364571311998235d80c229ca85
MD5 4efe952e700c66251604cb02cdd2beba
BLAKE2b-256 12347cd6312e75d44991f6abcf536d296c574e633508d259074893e8b1c4e7c5

See more details on using hashes here.

Provenance

The following attestation bundles were made for lime_mcp_server_sdk-0.2.0-py3-none-any.whl:

Publisher: publish.yml on Mawyxx/lime-mcp-server-sdk

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page