A TypeScript-based Model Context Protocol (MCP) server with OAuth2 authentication powered by Asgardeo.
This project demonstrates how to create a secure MCP server that:
- Uses TypeScript for type safety
- Implements OAuth2 authentication with Asgardeo
- Exposes MCP tools that require authentication
- Returns authenticated user profile information
- Node.js (v16 or higher)
- npm, yarn, or pnpm
- Asgardeo account
- Claude Desktop
git clone https://github.com/ngsanthosh/typescript-mcp-auth-quickstart.git
cd typescript-mcp-auth-quickstartnpm install- Sign into your Asgardeo console
- Navigate to Applications > New Application
- Select Single Page Application and complete the wizard
- Name: SecureMCPServer
- Authorized Redirect URL: http://localhost:3000/oauth/callback
- Save the following values from the application:
client-id(from Protocol tab)- Base URL (e.g.,
https://api.asgardeo.io/t/your-org)
Create a .env file in the root directory:
cp .env.example .envUpdate .env with your Asgardeo configuration:
ASGARDEO_BASE_URL=https://api.asgardeo.io/t/your-org
PORT=3000Development mode:
npm run devProduction mode:
npm run build
npm startThe server will start on http://localhost:3000/mcp
- Open Claude Desktop
- Go to Settings > Developer
- Click Edit Config to open
claude_desktop_config.json - Add the following configuration:
{
"mcpServers": {
"secure-whoami-server": {
"command": "npx",
"args": [
"mcp-remote@latest",
"http://localhost:3000/mcp",
"--static-oauth-client-info",
"{\"client_id\": \"<your-client-id>\"}",
"--static-oauth-client-metadata",
"{\"scope\": \"openid profile email\"}"
]
}
}
}Replace <your-client-id> with the client ID from your Asgardeo application.
- Restart Claude Desktop
- You'll be redirected to Asgardeo for login
- After authentication, ask Claude: "Who am I?"
- The server will return your authenticated user profile information
.
├── src/
│ └── index.ts # Main MCP server implementation
├── package.json # Dependencies and scripts
├── tsconfig.json # TypeScript configuration
├── .env.example # Example environment variables
├── .gitignore # Git ignore rules
├── README.md # This file
└── LICENSE # License
- OAuth2 Authentication: Secure authentication via Asgardeo
- Type Safety: Full TypeScript support
- MCP Tools: Expose
whoamitool that returns user profile - Express Server: Built on Express.js for HTTP transport
- Authentication Middleware: Protect MCP endpoints with
mcpAuthServer.protect()
Returns the authenticated user's profile information.
Input: None
Output:
{
"profile": {
"sub": "user-id",
"email": "user@example.com",
"given_name": "John",
"family_name": "Doe",
...
}
}| Variable | Description | Example |
|---|---|---|
ASGARDEO_BASE_URL |
Your Asgardeo organization base URL | https://api.asgardeo.io/t/my-org |
PORT |
Server port (default: 3000) | 3000 |
- Ensure you've created a test user in Asgardeo (guide)
- Verify your client ID is correct in Claude Desktop config
- Clear browser cache and try logging in again
- Check that port 3000 is not in use:
lsof -i :3000 - Verify all environment variables are set in
.env - Ensure Node.js version is 16+
- Run
npm installagain - Delete
node_modulesandpackage-lock.json, then reinstall
MIT
For issues and questions:
- Check the Asgardeo Documentation
- Visit Stack Overflow
- Open an issue in this repository