MCP Auth Step by Step is an open-source tutorial project by Solo.io CTO Christian Posta that demonstrates building a Model Context Protocol (MCP) server with HTTP transport and JWT authentication.
The project complements the “MCP Authorization” blog series and covers OAuth RFC requirements and identity provider support. It follows an iterative approach, starting with a basic FastAPI setup and gradually adding features such as MCP request handling, JWT infrastructure, and OAuth 2.0 metadata endpoints.
Key features include:
- JWT token validation and scope-based authorization
- User context management
- OAuth 2.0 metadata integration
- Comprehensive testing scripts
The project uses the FastAPI framework and PyJWT for token handling. Installation requires the uv package manager. Each step can be run with commands like:

    uv run step1 # Basic FastAPI server
    uv run step2 # MCP request handling

Token generation is supported via scripts or Keycloak. The project emphasizes security, interoperability, and proper OAuth specification compliance while maintaining a step-by-step learning approach.