🔒 MCP Server Authentication Reference Collection

Reference servers that demo how authentication works with the current Model Context Protocol spec.

[!WARNING] Code presented here is for demo purposes only. Your specific scenarios (including rules inside your enterprise, specific security controls, or other protection mechanisms) may differ from the ones that are outlined in this repository. Always conduct a security audit and threat modeling for any production and customer-facing assets that require authentication and authorization.

Scenarios

Servers above are designed for various runtime scenarios. They are tagged as follows:

• Remote MCP servers:
• Local MCP servers:
• Dual-purpose MCP servers (can run locally or remotely):

Supported identity providers

Provider	Scenario	Server Type	Implementation	State
Entra ID	Confidential client, mapped to session token.		entra-id-cca-session
Entra ID	Public client, using WAM		entra-id-local-wam
GitHub	GitHub application w/OAuth, mapped to session token.		github-app-session