This project demonstrates how to create a secured MCP (Model Context Protocol) server in Python with FastMCP framework, using Asgardeo as the OAuth2/OIDC provider.
- Python 3.12 or higher
- Asgardeo account and application setup
- pip (Python package installer)
├── main.py # Main FastMCP server application
├── jwt_validator.py # JWT validation module
├── .env # Environment variables configuration
├── README.md # This file
└── requirements.txt # Python dependencies
-
Clone or download this project
-
Create a virtual environment (recommended)
python -m venv .venv source .venv/bin/activate # On Windows: .venv\Scripts\activate
-
Install required dependencies
pip install -r requirements.txt
-
Configure environment variables
Create a
.envfile in the project root directory with your Asgardeo configuration:# Asgardeo OAuth2 Configuration AUTH_ISSUER=https://api.asgardeo.io/t/<your-tenant>/oauth2/token CLIENT_ID=<your-client-id> JWKS_URL=https://api.asgardeo.io/t/<your-tenant>/oauth2/jwks
Example with actual values:
# Asgardeo OAuth2 Configuration AUTH_ISSUER=https://api.asgardeo.io/t/mycompany/oauth2/token CLIENT_ID=abc123xyz789_client_id_from_asgardeo JWKS_URL=https://api.asgardeo.io/t/mycompany/oauth2/jwks
-
Login to your Asgardeo account.
-
Navigate to the Applications Tab and selct the MCP Client Application as shown in below image.
-
Add your application name and callback URL
Once the application is created get both the Client ID and Tenant Name:
- Client ID: Found in the application's Protocol tab
- Tenant Name: Your organization's tenant name (visible in the URL)
The application now uses environment variables for configuration. Make sure you have created the .env file as described in the Installation section above.
Replace the placeholders in your .env file:
- Replace
<your-tenant>with your actual Asgardeo tenant name - Replace
<your-client-id>with your actual OAuth2 client ID from Asgardeo
Security Note: Never commit your .env file to version control. Add .env to your .gitignore file to keep your credentials secure.
-
Start the server
python main.py
-
Server will start on:
http://localhost:8000usingstreamable-httptransport
Run latest MCP Inspector UI with below command:
npx @modelcontextprotocol/inspectorFor more information on how to run MCP Inspector, refer to the MCP Inspector documentation
Note: Make sure to get the Inspector release 0.16.3 or higher version.
- Once the mcp inspector got started, it will shows the URL where it is running, usually
http://localhost:6274/?MCP_PROXY_AUTH_TOKEN=<Proxy_Token>. - Configure Inspector's callback URL in your Asgardeo application settings:
- Go to your Asgardeo application settings (You have created this in the previous steps).
- Navigate to Protocol tab
- Add the callback URL:
http://localhost:6274/oauth/callback(Port can be changed, make sure to match the port where MCP Inspector is running). - Update the application.
- Open the MCP Inspector in your browser using the URL provided by the MCP Inspector server, e.g.,
http://localhost:6274/?MCP_PROXY_AUTH_TOKEN=<Proxy_Token>. - Configure this sample mcp server as shown in below image:
- Click on the Connect button to establish a connection with the MCP server.
(Once you click on the connect button, it will redirect you to the Asgardeo login page, where you can login with your Asgardeo credentials.)
- Once connected, you can start testing the available
addtool by navigating the Tools tab in the MCP Inspector.
- Description: Adds two numbers and returns the computed result.
- Parameters:
a(float): First numberb(float): Second number
- Authentication: Required (valid JWT token).
- Returns: Returns the computed result.