With Authentication And Testing With Inspector
This project is a secure Model Context Protocol (MCP) server supporting both API Key and JWT authentication. It includes tools like echo, login, secure_action, and admin_action, with strong error handling, permission checks, and detailed logging.
Ask AI about With Authentication And Testing With Inspector
Powered by Claude Β· Grounded in docs
I know everything about With Authentication And Testing With Inspector. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Reviews
Documentation
π MCP Server with Authentication and Testing with Inspector
This project implements a Model Context Protocol (MCP) server with two authentication mechanisms: API Key Authentication and JWT (JSON Web Token) Authentication. It provides a robust framework for handling authenticated requests with comprehensive error handling and logging, suitable for production environments. The server supports tools like echo, login, secure_action, and admin_action, with authentication enforced where required.
π Table of Contents
π― Purpose
The purpose of this project is to demonstrate secure MCP server implementations with two distinct authentication methods:
- π API Key Authentication: Validates requests using predefined API keys.
- π‘οΈ JWT Authentication: Uses JSON Web Tokens for user authentication and permission-based access control.
This project is designed for developers who need a secure, scalable, and extensible MCP server with robust debugging and logging capabilities.
β¨ Features
-
π API Key Authentication:
- Validates requests using a set of predefined API keys.
- Supports key extraction from arguments, metadata, or environment variables.
- Simple
echotool for demonstration.
-
π‘οΈ JWT Authentication:
- Supports user authentication via username/password to generate JWT tokens.
- Enforces permission-based access control (
read,write,admin). - Includes tools:
login,echo,secure_action, andadmin_action. - Configurable token expiry (default: 24 hours).
- Token extraction from arguments, metadata, or environment variables.
-
β οΈ Robust Error Handling:
- Custom
McpErrorfor consistent error responses. - Detailed logging of errors and server events.
- Custom
-
π Logging:
- Configurable logging to both console and rotating log files.
- Log rotation based on file size (5MB, with 5 backups).
- Automatic cleanup of old log files based on age.
-
π MCP Inspector Integration:
- Compatible with MCP Inspector for testing and debugging.
- Supports debugging via
--debugflag.
ποΈ Project Structure
/
βββ src/
β βββ config/
β β βββ __init__.py
β β βββ app_settings.py # Configuration for environment variables and settings
β β βββ logging_config.py # Logging setup with file rotation
β βββ mcp-server-with-stdio-api-key-auth.py # API Key Authentication server
β βββ mcp-server-with-stdio-auth2-auth.py # To Do
β βββ mcp-server-with-stdio-jwt-key-auth.py # JWT Authentication server
βββ pyproject.toml # Project documentation
βββ README.md # Python dependencies
β Prerequisites
- Python: Version 3.13 or higher
- uv: Used for managing Python virtual environments
- Node.js: Required for running MCP Inspector
- NPM: Required to run MCP Inspector
- Operating System: Windows, macOS, or Linux
βοΈ Installation
-
π₯ Clone the Repository:
git clone https://github.com/ahmad-act/MCP-Server-with-Authentication-and-Testing-with-Inspector.git cd MCP-Server-with-Authentication-and-Testing-with-Inspector -
πͺ Set Up a Virtual Environment (recommended):
uv venv source venv/bin/activate # On Windows: venv\Scripts\activate -
π¦ Install Dependencies:
uv sync
π§© Packages
The following Python packages are required:
mcp[cli]>=1.10.1
PyJWT>=2.8.0
python-dotenv>=1.0.0
π Install them using:
uv add mcp[cli] PyJWT python-dotenv
π¦ Usage
1οΈβ£ MCP Server with Stdio and API Key (mcp-server-with-stdio-api-key-auth.py)
βΆοΈ Run the MCP Server:
β οΈ You do not need to manually run the MCP server for stdio transport. MCP Inspector runs the MCP Server for stdio transport.
βΆοΈ Run the MCP Inspector:
The stdio server is typically launched by the MCP Inspector, not manually. Run the Inspector with the following command, add -e environment variable and adjusting the --directory path to your src/ directory:
npx @modelcontextprotocol/inspector uv -e MCP_API_KEY=sk-1234567890abcdef --directory '<your-src-directory>/src' run mcp-server-with-stdio-api-key-auth.py --debug

π Open the MCP Inspector:
Open the link http://localhost:6274/?MCP_PROXY_AUTH_TOKEN=XXXXXXXXXXXXXXXXXX with its token in your browser:

π§ͺ Using the MCP Inspector
-
After running the above command, the Inspector will start and automatically connect to the
stdio-based server. -
In the Inspector UI (
http://127.0.0.1:6274), inspect the available tools (e.g.,echo). -
Test the
echotool:- Input:
{ "method": "call_tool", "params": { "name": "echo", "arguments": { "message": "test", "_api_key": "sk-1234567890abcdef" } } }Expected Response:
{ "result": [ { "type": "text", "text": "Echo: test" } ] }

2οΈβ£ MCP Server with Stdio and API Key (mcp-server-with-stdio-jwt-key-auth.py)
βΆοΈ Run the MCP Server:
β οΈ You do not need to manually run the MCP server for stdio transport. MCP Inspector will launch the server automatically.
βΆοΈ Run the MCP Inspector:
The stdio server is typically launched by the MCP Inspector, not manually. Run the Inspector with the following command, adjusting the --directory path to your src/ directory:
npx @modelcontextprotocol/inspector uv --directory '<your-src-directory>\src' run mcp-server-with-stdio-jwt-key-auth.py --debug

π Open the MCP Inspector:
Open the link http://localhost:6274/?MCP_PROXY_AUTH_TOKEN=XXXXXXXXXXXXXXXXXX with its token in your browser:

π§ͺ Using the MCP Inspector
-
After running the above command, the Inspector will start and automatically connect to the
stdio-based server. -
Usage Flow:
-
Step 1: Login to Get JWT Token:
{ "method": "call_tool", "params": { "name": "login", "arguments": { "username": "user1", "password": "password123" } } }Response:
{ "result": [ { "type": "text", "text": "Login successful! JWT Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." } ] } -
Step 2: Use JWT Token for Authenticated Requests:
{ "method": "call_tool", "params": { "name": "echo", "arguments": { "message": "test", "_jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." } } }Response:
{ "result": [ { "type": "text", "text": "Echo (authenticated as user1): test" } ] }

-
3οΈβ£ MCP Server with Stdio and Auth2 (mcp-server-with-stdio-auth2-auth.py)
π§ To Do
π Workflow
-
π API Key Authentication:
- The server checks for a valid API key in the request arguments, metadata, or environment variables.
- If valid, the request is processed; otherwise, an error is returned.
- The
echotool demonstrates basic functionality.
-
π‘οΈ JWT Authentication:
- Users first call the
logintool with valid credentials to obtain a JWT token. - The token is used in subsequent requests for tools like
echo,secure_action, oradmin_action. - Permissions (
read,write,admin) are checked for each tool. - Tokens expire after 24 hours (configurable).
- Users first call the
-
π Logging:
- Logs are written to both the console and a rotating log file in the
logsdirectory. - Old log files are cleaned up based on a specified retention period.
- Logs are written to both the console and a rotating log file in the
-
π Testing with MCP Inspector:
- Use MCP Inspector to interact with the server via a web interface.
- Debug mode (
--debug) provides detailed output for troubleshooting.
π©΅ Troubleshooting
-
π« Invalid API Key:
- Ensure the API key is one of:
sk-1234567890abcdef,sk-abcdef1234567890,sk-test123456789. - Check environment variable
MCP_API_KEYor request arguments.
- Ensure the API key is one of:
-
β οΈ Invalid JWT Token:
- Verify the token is not expired (valid for 24 hours).
- Ensure the correct
JWT_SECRETis set. - Check username/password for
logintool.
-
π Permission Errors:
- Ensure the user has the required permissions (
read,write, oradmin) for the requested tool.
- Ensure the user has the required permissions (
-
π Log Files:
- Check the
logsdirectory for detailed error messages. - Logs are named in the format
YYYYMM.log.
- Check the
