
Showcase: mcp-authflow — an OAuth 2.0 framework for MCP servers (auth + resource halves, MIT)
Disclosure: I wrote this. It's the extracted, open-sourced version of the auth layer I run in my own infrastructure.
Put an MCP server anywhere past localhost and you've had the auth conversation with yourself. No auth and hope nobody finds /mcp. One shared API key in every client config. "Allow localhost and pray." None of those give you scoping, per-client revocation, or any kind of audit trail. My 9 MCP servers aren't read-only: they can delete tasks, create PRs, and write to databases.
So I built two packages: mcp-authflow (authorization-server half) and mcp-authflow-resource (resource-server half). Both MIT, both on PyPI, both protecting those 9 servers for the past ~3 months, all introspecting against one auth server.
mcp-authflow covers the authorization-server side: dynamic client registration (RFC 7591), auth code + PKCE (7636), client credentials, token introspection (7662), server metadata (8414), private_key_jwt (7523), device flow (8628). Sans-I/O where it matters. The framework owns the protocol, you own storage. In-memory and Postgres backends included.
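To make the authorization-code + PKCE part concrete, here is an added example (my own illustration, not mcp-authflow's API or code) of what the authorization server has to enforce at the token endpoint: the S256 challenge is recomputed from the presented code_verifier, the code is single-use and bound to the client_id and redirect_uri it was issued to, and the "plain" method is refused. The function names, the dict-backed store and the client values are hypothetical.

```python
"""Authorization code + PKCE (RFC 7636) as the authorization server enforces it (example code)."""
from __future__ import annotations
import base64
import hashlib
import hmac
import re
import secrets

# RFC 7636 section 4.1: code_verifier is 43..128 characters from the unreserved set.
_VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def _b64url(data: bytes) -> str:
    """base64url without '=' padding, the encoding RFC 7636 specifies."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_pkce_pair() -> tuple[str, str]:
    """Client side: a fresh code_verifier plus its S256 code_challenge for the /authorize request."""
    verifier = _b64url(secrets.token_bytes(32))  # 43 chars, all in the unreserved set
    return verifier, _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def verify_pkce(code_verifier: str, code_challenge: str, method: str) -> bool:
    """Token-endpoint check: recompute the challenge from the presented verifier.
    'plain' is refused outright; it does not protect a code that leaked via the redirect."""
    if method != "S256" or not _VERIFIER_RE.fullmatch(code_verifier):
        return False
    expected = _b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())
    return hmac.compare_digest(expected.encode("ascii"), code_challenge.encode("utf-8"))


def issue_code(store: dict, client_id: str, redirect_uri: str,
               code_challenge: str, method: str) -> str:
    """/authorize: mint a one-time code bound to client, redirect_uri and the PKCE challenge."""
    code = secrets.token_urlsafe(32)
    store[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                   "code_challenge": code_challenge, "method": method}
    return code


def redeem_code(store: dict, code: str, client_id: str, redirect_uri: str,
                code_verifier: str) -> dict | None:
    """/token: consume the code (single use, even on failure) and release the grant only if
    every binding holds. Returns the grant record, or None so the caller answers invalid_grant."""
    grant = store.pop(code, None)  # pop first: a replayed or guessed code is burned either way
    if grant is None:
        return None
    if grant["client_id"] != client_id or grant["redirect_uri"] != redirect_uri:
        return None
    if not verify_pkce(code_verifier, grant["code_challenge"], grant["method"]):
        return None
    return grant


if __name__ == "__main__":
    # Hypothetical client and loopback redirect, constructed for the demo.
    codes: dict = {}
    verifier, challenge = make_pkce_pair()
    code = issue_code(codes, "mcp-client-1", "http://127.0.0.1:49152/callback", challenge, "S256")
    print(redeem_code(codes, code, "mcp-client-1", "http://127.0.0.1:49152/callback", verifier) is not None)
    print(redeem_code(codes, code, "mcp-client-1", "http://127.0.0.1:49152/callback", verifier))  # replay
```

The order in redeem_code matters: popping the code before any check means a stolen code cannot be retried with different verifiers, and a legitimate client whose code was used first gets invalid_grant, which is the signal to start over.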
mcp-authflow-resource covers the resource-server side: introspection-based token verification with SSRF hardening, plus the .well-known discovery endpoints (RFC 9728 / 8414) that let Claude Desktop, Claude Code, and other MCP clients auto-discover and register.
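The resource-server half described above, as an added example that is not mcp-authflow-resource's code and does not use its API: the RFC 9728 metadata document and its well-known path, the RFC 6750 401/403 challenges that tell an unauthenticated or under-scoped MCP client where to go, an RFC 7662 introspection check that also enforces the token's audience and expiry, and the SSRF check a resource server should run before POSTing bearer tokens to an introspection URL. The hostnames, scopes, function names and the introspection responses are constructed for the example; the introspect and resolve callables are injected so it runs offline.

```python
"""Resource-server side of an OAuth-protected MCP endpoint: RFC 9728 discovery, RFC 6750
challenges and RFC 7662 introspection with SSRF hardening (example code, hypothetical values)."""
from __future__ import annotations
import ipaddress
import socket
import time
from typing import Callable, Iterable
from urllib.parse import urlsplit

# Hypothetical deployment values, assumed for this example.
RESOURCE = "https://notes.example.com/mcp"                 # the protected MCP endpoint
AUTH_SERVER = "https://auth.example.com"                   # issuer clients are sent to
INTROSPECTION_URL = "https://auth.example.com/oauth/introspect"

Introspect = Callable[[str], dict]
Resolve = Callable[[str], Iterable[str]]


def metadata_url(resource: str = RESOURCE) -> str:
    """RFC 9728 section 3: well-known path with the resource's own path appended."""
    p = urlsplit(resource)
    return f"{p.scheme}://{p.netloc}/.well-known/oauth-protected-resource{p.path}"


def protected_resource_metadata() -> dict:
    """Body served at metadata_url(); this is how a client finds the authorization server."""
    return {
        "resource": RESOURCE,
        "authorization_servers": [AUTH_SERVER],
        "bearer_methods_supported": ["header"],
        "scopes_supported": ["notes:read", "notes:write"],
    }


def _dns(host: str) -> list[str]:
    """Default resolver; the SSRF check inspects every address the name resolves to."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, 443)})


def introspection_url_is_safe(url: str, resolve: Resolve = _dns) -> bool:
    """Run before POSTing a token to the introspection endpoint: https only, no userinfo,
    host pinned to the configured auth server, and no resolved address that is loopback,
    private, link-local or otherwise non-global (a rebinding DNS answer fails here too)."""
    p = urlsplit(url)
    if p.scheme != "https" or p.username or p.password or not p.hostname:
        return False
    if p.hostname != urlsplit(AUTH_SERVER).hostname:
        return False
    try:
        addrs = list(resolve(p.hostname))
    except OSError:
        return False
    return bool(addrs) and all(ipaddress.ip_address(a).is_global for a in addrs)


def authorize_request(headers: dict, introspect: Introspect, required_scope: str,
                      now: float | None = None) -> dict:
    """Decide an MCP request: 200 with the token's claims, 401 for a missing or invalid
    token (RFC 6750 section 3.1), 403 for a valid token without the required scope."""
    challenge = f'Bearer resource_metadata="{metadata_url()}"'
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return {"status": 401, "headers": {"WWW-Authenticate": challenge}}
    info = introspect(auth[len("Bearer "):])
    now = time.time() if now is None else now
    aud = info.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    # An active token minted for a different resource is still rejected: that is the aud check.
    if not info.get("active") or info.get("exp", now + 1) <= now or RESOURCE not in aud:
        return {"status": 401,
                "headers": {"WWW-Authenticate": f'{challenge}, error="invalid_token"'}}
    if required_scope not in info.get("scope", "").split():
        return {"status": 403,
                "headers": {"WWW-Authenticate":
                            f'{challenge}, error="insufficient_scope", scope="{required_scope}"'}}
    return {"status": 200, "claims": info}


# Constructed RFC 7662 responses standing in for the auth server; not real tokens.
FAKE_INTROSPECTION = {
    "tok-good": {"active": True, "sub": "user-1", "client_id": "desktop-client",
                 "scope": "notes:read notes:write", "aud": [RESOURCE], "exp": 2_000_000_000},
    "tok-readonly": {"active": True, "sub": "user-2", "scope": "notes:read",
                     "aud": [RESOURCE], "exp": 2_000_000_000},
    "tok-other-resource": {"active": True, "sub": "user-3", "scope": "notes:write",
                           "aud": ["https://tasks.example.com/mcp"], "exp": 2_000_000_000},
    "tok-revoked": {"active": False},
}


def fake_introspect(token: str) -> dict:
    """RFC 7662 section 2.2: an unknown or revoked token is reported as inactive, nothing more."""
    return FAKE_INTROSPECTION.get(token, {"active": False})


if __name__ == "__main__":
    print(authorize_request({}, fake_introspect, "notes:write")["status"])                               # 401
    print(authorize_request({"Authorization": "Bearer tok-good"}, fake_introspect, "notes:write")["status"])  # 200
    print(introspection_url_is_safe(INTROSPECTION_URL, resolve=lambda h: ["127.0.0.1"]))                  # False
```

Two things worth noting in the design: the audience check is what stops a token that is perfectly valid for one of your other MCP servers from being replayed against this one, and the resolver check is evaluated per request rather than once at startup, so a DNS answer that later flips to an internal address does not turn the introspection client into an SSRF primitive.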
One command runs the whole thing: the auth server, Postgres, an OAuth-protected notes MCP server, and a demo client:
git clone https://github.com/brooksmcmillin/example-mcp-server
cd example-mcp-server && docker compose up
Then docker compose --profile demo run --rm example-client walks the full flow: register, get a token, call a tool, watch an unauthenticated request get rejected.
Auth server: https://github.com/brooksmcmillin/mcp-authflow
Resource server: https://github.com/brooksmcmillin/mcp-authflow-resource
Example: https://github.com/brooksmcmillin/example-mcp-server
Not a hosted product. No signup, no SaaS. I'd like feedback on the auth/resource split and whether the storage interfaces fit how you'd actually deploy this.