Reference servers that demo how authentication works with the current Model Context Protocol spec.
Warning
Code presented here is for demo purposes only. Your specific scenarios (including rules inside your enterprise, specific security controls, or other protection mechanisms) may differ from the ones that are outlined in this repository. Always conduct a security audit and threat modeling for any production and customer-facing assets that require authentication and authorization.
Servers above are designed for various runtime scenarios. They are tagged as follows:
- Remote MCP servers:
- Local MCP servers:
- Dual-purpose MCP servers (can run locally or remotely):
| Provider | Scenario | Server Type | Implementation | State |
|---|---|---|---|---|
| Entra ID | API Management gating MCP server. |  |
remote-mcp-apim-functions-python |
 |
| Entra ID | Confidential client, mapped to session token. |  |
entra-id-cca-session |
|
| Entra ID | Public client, using WAM. |  |
entra-id-local-wam |
|
| GitHub | GitHub application w/OAuth, mapped to session token. | |
github-app-session |
|
| Entra ID | API Management gating an Azure Functions MCP server. | |
remote-auth-mcp-apim-py |
|
| Entra ID | API Management gating an App Service MCP server with Protected Resource Metadata (PRM) | |
remote-mcp-apim-oauth-prm |
|