🔐 SSE MCP Server with JWT Authentication

This is a Model Context Protocol (MCP) SSE server with JWT-based authentication.
It allows you to expose multiple AI tools over an SSE transport, protected via secure Bearer Token flow.

Built with:

• 🚀 Node.js + Express

• 🧩 @modelcontextprotocol/sdk

• 🔒 JSON Web Tokens (JWT) for authentication

• ⚙️ Zod for input validation

✅ Fully tested with @modelcontextprotocol/inspector

📂 Project Structure

Related MCP server: MCP Toolkit

✨ Features

• ✅ Secure SSE connection using Bearer JWT token

• ✅ Dynamic Tool registration (echo, time, random number, etc.)

• ✅ Tested with MCP Inspector

• ✅ Logs all request lifecycle events

• ✅ Session management for /message endpoint

• 🚀 Ready to extend for production use

⚙️ Setup

1. Clone the repository

2. Install dependencies

3. Create .env file

4. Run the server

✅ Server will run on:

🧪 Testing the server with MCP Inspector

Step 1 — Install MCP Inspector

📖 Official Docs: MCP Inspector

Step 2 — Generate a token

Use cURL to get your JWT token:

✅ Example response:

Step 3 — Connect MCP Inspector

1. Open Inspector UI

2. Set Transport Type: SSE

3. URL:

   http://localhost:3001/sse

4. Add Authorization Header:

   Authorization: Bearer <your-token>

5. Click Connect

🎉 Success! Your server is now connected.

Step 4 — Test tools

Go to Tools tab in Inspector and click List Tools.

You will see:

• ✅ test

• ✅ echo

• ✅ get-time

• ✅ random-number

Test them and enjoy!

📖 API Reference

🔑 Generate Token

🔌 SSE Endpoint (requires token)

📩 Send Message to active session

🧩 Tools Reference

🗓️ Upcoming Changes

• Token revocation list (blacklist)

• Role-based tool access (scope checks)

• Session heartbeat / keep-alive

• Rate limiting & logging

• Dockerization for deployment

📚 Useful Resources

• Model Context Protocol Introduction

• MCP Inspector Docs

• JWT.io Debugger

• Zod Validation Docs

👨‍💻 Maintainer

Aniket

📄 License

This project is open-source and free to use.

🚀 Build. Secure. Empower.