Secure MCP server with OAuth2 using Spring Security and Authorization Server for token-based authentication
This sample demonstrates how to secure an MCP server using OAuth2, as per the MCP specification.
The MCP (Model Context Protocol) server acts as a universal adapter for AI applications. Designed to facilitate seamless integration and connectivity between AI applications like Claude Desktop, Continue, Cursor, and data sources/tools, it ensures that these applications can access specific resources through standardized protocols. The MCP server leverages OAuth2 for secure token-based authentication, enabling robust security while facilitating smooth interactions.
The MCP Server supports OAuth2 token-based authentication to ensure that only authorized clients can interact with the server. By using Spring Security and Spring Authorization Server, developers can implement a secure environment where tokens are issued for client credentials and used for validation.
Tokens issued by the MCP server have an expiry period of 5 minutes, so clients must regularly obtain a fresh token and a leaked token stays usable only for a short time. This matters in dynamic environments where tokens are invalidated frequently.
The architecture of the MCP Server follows a multi-layered approach:
OAuth2 Security Layer: Built on Spring Security, this layer provides the foundational OAuth2 features that protect sensitive data and ensure that only authenticated clients can access the server.
Token Issuance via Authorization Server: The Spring Authorization Server is configured to issue OAuth2 tokens. This component ensures that token generation and validation are handled efficiently.
Resource Server Integration: The MCP server functions as a resource server, validating incoming OAuth2 tokens and ensuring that only authorized requests are processed.
In the implementation process, developers should follow these key steps:
Dependency Setup:
OAuth2 Endpoint Configuration:
/oauth2/token endpoint, which accepts client credentials (username:password) in basic authentication format.
To get started with the MCP Server, follow these steps:
Run the Project:
./mvnw spring-boot:run
Obtain a Token:
/oauth2/token endpoint.
curl -XPOST "http://localhost:8080/oauth2/token" \
--data grant_type=client_credentials \
--user "oidc-client:secret"
jq to extract the access token easily:
curl -XPOST "http://localhost:8080/oauth2/token" \
--data grant_type=client_credentials \
--user "oidc-client:secret" | jq -r ".access_token"
Configure MCP Inspector:
npx @modelcontextprotocol/[email protected]
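The token request above combined with the 5-minute expiry, as an added example that is not part of the original sample: a Python client that sends the same client-credentials request as the curl command and reuses the token until shortly before it expires. The endpoint and sample credentials are the page's; `TokenCache`, its `skew` margin and the injectable `fetch`/`clock` arguments are assumptions made for illustration.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "http://localhost:8080/oauth2/token"  # endpoint from the page


def basic_auth_header(client_id, client_secret):
    """Build the header curl sends for --user "client_id:client_secret"."""
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def fetch_token(client_id="oidc-client", client_secret="secret", url=TOKEN_URL):
    """POST grant_type=client_credentials (sample credentials from the page)."""
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    req = urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": basic_auth_header(client_id, client_secret)})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hypothetical helper: reuse a token until `skew` seconds before expiry."""

    def __init__(self, fetch=fetch_token, clock=time.monotonic, skew=30):
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._expires_at = None, 0.0

    def bearer_header(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at - self._skew:
            resp = self._fetch()
            if resp.get("token_type", "").lower() != "bearer" or "access_token" not in resp:
                raise ValueError("unexpected token response")
            self._token = resp["access_token"]
            # A missing expires_in is treated as zero lifetime: always refetch.
            self._expires_at = now + float(resp.get("expires_in", 0))
        return {"Authorization": f"Bearer {self._token}"}
```

Refreshing ahead of expiry by a small margin avoids sending a token that lapses while the request is in flight.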
Imagine an AI application that needs to fetch real-time data from multiple sources. The MCP Server acts as a gateway, allowing the application to securely access these data sources using standard API endpoints. This setup ensures that each interaction is both secure and efficient.
curl "http://mcp.server.com/v1/dataSources/{id}/realTimeData" \
-H "Authorization: Bearer <your_access_token>"
Another critical use case involves integrating external tools into an AI application. For example, a text summarization tool can be seamlessly integrated with the MCP server, allowing the AI to process data and then execute summary generation using the preferred external tool.
The compatibility of MCP clients is essential for ensuring that all relevant applications can leverage the MCP server effectively. The current compatibility matrix includes:
MCP Client | Resources | Tools | Prompts | Status |
---|---|---|---|---|
Claude Desktop | ✅ | ✅ | ✅ | Full Support |
Continue | ✅ | ✅ | ✅ | Full Support |
Cursor | ❌ | ✅ | ❌ | Tools Only |
The MCP server is designed to handle a wide range of clients and applications, ensuring that it can support various AI workflows with minimal overhead. Key performance metrics include:
{
  "mcpServers": {
    "[server-name]": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-[name]"],
      "env": {
        "API_KEY": "your-api-key"
      }
    }
  }
}
This configuration snippet illustrates how to set up the MCP server through a JSON configuration file, specifying command-line arguments and environment variables for better control.
How do I ensure token security?
What should I do if my token expires?
Can all MCP clients work with this server?
How does the MCP protocol ensure data integrity?
What if I need to update the server configuration frequently?
Contributions are welcome! To get started, clone the repository and run the following commands:
Clone the Repository:
git clone https://github.com/yourrepo/mcp-server.git
cd mcp-server
Install Dependencies:
./mvnw dependency:go-offline
Run Tests:
mvn clean test
Submit a Pull Request:
Explore more about the Model Context Protocol and its ecosystem here:
By leveraging this MCP server, developers can create robust and scalable AI applications capable of integrating seamlessly with various data sources and tools.