mcpauth
Drop-in OAuth 2.1 + Dynamic Client Registration authentication middleware and token verification for MCP servers.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for mcpauth, derived from its capabilities.
AIVSS 8.9 · High
Overview
mcpauth is a drop-in OAuth 2.1 and Dynamic Client Registration layer for MCP servers, providing authentication middleware and token verification (with a Python variant, getmcpauth). Security surface: it IS the auth boundary — it validates bearer tokens for other MCP servers, so its correctness directly gates access to everything behind it.
Key features
- OAuth 2.1 support
- Dynamic Client Registration
- Bearer token verification
- Drop-in middleware for MCP servers
Use cases
- Add auth to a remote MCP server
- Verify client tokens for a tool endpoint