Secure middleware server implementing Model Context Protocol (MCP) over SSE with JWT authentication. Enables standardized communication between AI tools and clients with dynamic tool registration, request logging, and session management. Perfect for building production-ready AI systems requiring secure access patterns.
Configuration
{
  "mcpServers": {
    "anisirji-mcp-server-remote-setup-with-jwt-auth": {
      "url": "http://localhost:3001/sse",
      "headers": {
        "JWT_SECRET": "YOUR_ENV_JWT_SECRET"
      }
    }
  }
}

You expose multiple AI tools over a secure SSE channel protected by JWT authentication. This MCP server lets you centrally register tools, issue tokens for access, and connect clients to perform actions like echoing messages, retrieving time, or generating random numbers in a safe, token-driven session.
Connect a client to the SSE endpoint using a valid JWT token, then call the available tools through the configured session. Generate a token for user access, attach it as a Bearer Authorization header, and establish a session with the /sse endpoint. Send messages to an active session via the /message endpoint to drive interactions with the registered tools. Your clients can list tools, invoke them, and receive responses in real time as events over SSE.
# Prerequisites
- Node.js 14+ (npm included)
- Git
# 1. Clone the project
- git clone https://github.com/anisirji/mcp-server-remote-setup-with-jwt-auth.git
- cd mcp-server-remote-setup-with-jwt-auth
# 2. Install dependencies
- npm install
# 3. Create environment file with a JWT secret
- echo "JWT_SECRET=your-secret-key" > .env
# 4. Start the server in development mode
- npm run dev

Configuration is centered around JWT authentication and HTTP or local runtime execution. The server provides an HTTP endpoint for SSE at /sse and a token generation endpoint at /auth/token. You must supply a valid JWT token when connecting clients and sending messages. A local runtime can also start the server via npm run dev, which uses the project's TypeScript setup to serve the MCP endpoints.
Security considerations include protecting the token with a strong secret, limiting token scopes to mcp:access, and rotating tokens as needed. You can register tools such as test, echo, get-time, and random-number to be available through the MCP interface. Ensure clients attach the Authorization header with Bearer <token> for all MCP interactions.
{
  "mcpServers": {
    "sse_jwt_http": {
      "type": "http",
      "name": "sse_jwt_http",
      "url": "http://localhost:3001/sse",
      "args": []
    },
    "sse_jwt_stdio": {
      "type": "stdio",
      "name": "sse_jwt_stdio",
      "command": "npm",
      "args": ["run", "dev"],
      "env": [
        {"name": "JWT_SECRET", "value": "your-secret-key"}
      ]
    }
  }
}

If you cannot connect to the SSE endpoint, verify that the server is running on the expected port (default 3001) and that the JWT secret used to generate tokens matches the one configured on the server. Check that you are sending the Authorization header as Bearer <token> on both the /sse connection and subsequent /message calls. If you see token errors, regenerate a fresh token with the correct scope (mcp:access) and retry.
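The token checks behind the errors described above, written out as an added example (not code from this project). It assumes HS256 tokens with an `exp` claim in seconds and a space-separated `scope` claim; `signToken` and `checkBearer` are hypothetical names.

```javascript
// Added example, not the project's code: HS256 Bearer checks with Node's crypto only.
// Assumed claim layout: `exp` in seconds, space-separated `scope`.
const nodeCrypto = require("node:crypto");

const b64url = (s) => Buffer.from(s).toString("base64url");
const hmac = (data, secret) =>
  nodeCrypto.createHmac("sha256", secret).update(data).digest("base64url");

// Hypothetical issuer, standing in for whatever a token endpoint returns.
function signToken(claims, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${hmac(`${head}.${body}`, secret)}`;
}

// Returns { ok: true, claims } or { ok: false, reason } so logs show why a token failed.
function checkBearer(authHeader, secret, now = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authHeader || "");
  if (!m) return { ok: false, reason: "missing_or_malformed_bearer" };
  const [, head, body, sig] = m;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, "base64url").toString());
    claims = JSON.parse(Buffer.from(body, "base64url").toString());
  } catch {
    return { ok: false, reason: "malformed_token" };
  }
  if (header === null || claims === null || typeof claims !== "object")
    return { ok: false, reason: "malformed_token" };
  // Pin the algorithm: the token must not be able to select "none" or another alg.
  if (header.alg !== "HS256") return { ok: false, reason: "unexpected_alg" };
  // Constant-time comparison of the encoded signatures.
  const expected = Buffer.from(hmac(`${head}.${body}`, secret));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected))
    return { ok: false, reason: "bad_signature" }; // what a secret mismatch looks like
  if (typeof claims.exp !== "number" || claims.exp <= now)
    return { ok: false, reason: "expired" };
  if (!String(claims.scope || "").split(" ").includes("mcp:access"))
    return { ok: false, reason: "missing_scope" };
  return { ok: true, claims };
}
```

Running the same check on both the /sse connection and each /message call keeps a rejected token from reaching a session.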
- test: Test connection and security checks for the MCP endpoint
- echo: Echo back the provided message to verify round-trip communication
- get-time: Return the current server time to synchronize clients
- random-number: Provide a random number within a specified range for stochastic tasks