Euraxluo/fastmcp-authentication

FastMCP Authentication Server

A production-ready token issuer server for FastMCP V2, providing JWT-based authentication with comprehensive admin capabilities.

🚀 Features

  • JWT Token Issuance: Generate RS256-signed JWT tokens for FastMCP authentication
  • Admin Panel: Web-based UI for token and user management
  • Key Management: Create and revoke access/secret key pairs
  • Session Management: Track and manage user sessions
  • Audit Logging: Comprehensive audit trail for all operations
  • RESTful API: Full API for programmatic access
  • JWKS Endpoint: Standards-compliant JSON Web Key Set endpoint

📋 Requirements

  • Python 3.11+
  • uv (recommended package manager)

πŸ› οΈ Installation

  1. Clone the repository:

    git clone https://github.com/Euraxluo/fastmcp-authentication.git
    cd fastmcp-authentication
  2. Install dependencies:

    uv sync

βš™οΈ Configuration

Initial Setup

Generate RSA key pair and configuration:

uv run token_issuer_server.py -i http://localhost:8080

This will:

  • Generate RSA 2048-bit key pair
  • Create token_issuer_config.yaml
  • Display admin credentials

Configuration File

The token_issuer_config.yaml contains:

  • private_key: RSA private key (PEM format)
  • public_key: RSA public key (PEM format)
  • issuer: Token issuer URL
  • audience: Token audience
  • algorithm: JWT algorithm (RS256)

🚀 Running the Server

Start the server:

uv run fastapi run token_issuer_server.py --port 8080

The server will be available at:

πŸ” Authentication

Admin Account

After initial setup, you'll get admin credentials:

ACCESS_KEY: u3dukmKC5Adkd9r8vinUHhXe
SECRET_KEY: pdjBWPWD2u_0nBw2XfiPfYpQSjMIynsP

Login Process

  1. Web UI: Visit http://localhost:8080/ui
  2. API: POST to /login with access_key and secret_key
  3. Session: Receive session token for subsequent requests

📚 API Reference

Authentication Endpoints

Endpoint   Method   Description
/login     POST     Authenticate and get session token
/logout    POST     Revoke session token

Token Management

Endpoint                 Method   Description
/v1/tokens               POST     Issue JWT token
/v1/public_key           GET      Get public key
/.well-known/jwks.json   GET      JWKS endpoint

User Management (Admin Only)

Endpoint          Method   Description
/v1/keys          POST     Create new key pair
/v1/keys          GET      List all key pairs
/v1/keys/revoke   POST     Revoke key pair

Audit & Sessions

Endpoint       Method   Description
/v1/audit      GET      Get audit logs
/v1/sessions   GET      List sessions

πŸŽ›οΈ Admin Panel Features

Dashboard

  • Welcome screen with user info
  • Quick access to all features

Token Management

  • Issue JWT tokens with custom expiration
  • View token details and public key

Key Management (Admin Only)

  • Generate new access/secret key pairs
  • Set admin privileges
  • Revoke existing keys
  • View all key pairs

Audit Logs

  • Comprehensive activity tracking
  • Filter by user and action type
  • Categorized logs (user management, token issuance)

Session Management

  • View active sessions
  • Sort by creation time, expiration, usage count
  • Filter by access key (admin only)
  • Pagination support

🔧 Database Schema

Users Table

CREATE TABLE users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    access_key TEXT UNIQUE NOT NULL,
    secret_key TEXT NOT NULL,
    is_admin INTEGER DEFAULT 0,
    created_at TEXT NOT NULL,
    revoked INTEGER DEFAULT 0
);

Sessions Table

CREATE TABLE sessions (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    user_id INTEGER NOT NULL,
    session_token TEXT UNIQUE NOT NULL,
    created_at TEXT NOT NULL,
    expires_at TEXT NOT NULL,
    revoked INTEGER DEFAULT 0,
    usage_count INTEGER DEFAULT 0,
    FOREIGN KEY(user_id) REFERENCES users(id)
);

Audit Table

CREATE TABLE token_audit (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    user_id INTEGER,
    action TEXT NOT NULL,
    detail TEXT,
    timestamp TEXT NOT NULL,
    FOREIGN KEY(user_id) REFERENCES users(id)
);

🔒 Security Features

  • RSA 2048-bit: Strong cryptographic keys
  • Constant-time comparison: Prevents timing attacks
  • Session management: Secure session tokens
  • Audit logging: Complete activity trail
  • Key revocation: Immediate access control
  • JWT standards: RFC 7519 compliant
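The login flow (access key plus secret key, then a session token) and the constant-time comparison, session expiry and key revocation listed above, worked through over the README's own users and sessions tables. This is an added example, not the project's code: it uses an in-memory SQLite database and its own key generator, and the server's real query logic and key format may differ.

```python
import hmac
import secrets
import sqlite3
from datetime import datetime, timedelta

# Users and sessions tables as given in the README's schema section (token_audit omitted).
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, access_key TEXT UNIQUE NOT NULL,
    secret_key TEXT NOT NULL, is_admin INTEGER DEFAULT 0, created_at TEXT NOT NULL, revoked INTEGER DEFAULT 0);
CREATE TABLE sessions (id INTEGER PRIMARY KEY AUTOINCREMENT, user_id INTEGER NOT NULL,
    session_token TEXT UNIQUE NOT NULL, created_at TEXT NOT NULL, expires_at TEXT NOT NULL,
    revoked INTEGER DEFAULT 0, usage_count INTEGER DEFAULT 0, FOREIGN KEY(user_id) REFERENCES users(id));
"""

def open_db():
    # In-memory SQLite so the example runs offline; the server uses a file (token_issuer.sqlite3).
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db
def create_key_pair(db, is_admin=0):
    # Hypothetical generator: random access/secret pair with the same lengths as the README sample.
    access_key, secret_key = secrets.token_urlsafe(18), secrets.token_urlsafe(24)
    db.execute("INSERT INTO users (access_key, secret_key, is_admin, created_at) VALUES (?, ?, ?, ?)",
               (access_key, secret_key, is_admin, datetime.now().isoformat()))
    return access_key, secret_key
def authenticate(db, access_key, secret_key):
    # Return the user id on success; None for an unknown key, a revoked key or a wrong secret.
    row = db.execute("SELECT id, secret_key, revoked FROM users WHERE access_key = ?",
                     (access_key,)).fetchone()
    # Always run the constant-time compare, against a dummy when the key is unknown,
    # so response timing does not reveal whether an access key exists.
    stored = row[1] if row else "x" * 32
    ok = hmac.compare_digest(stored.encode(), secret_key.encode())
    return row[0] if (row and not row[2] and ok) else None
def create_session(db, user_id, ttl_minutes=60):
    # Naive (timezone-less) timestamps, matching the README's cross-DB note.
    now, token = datetime.now(), secrets.token_urlsafe(32)
    db.execute("INSERT INTO sessions (user_id, session_token, created_at, expires_at) VALUES (?, ?, ?, ?)",
               (user_id, token, now.isoformat(), (now + timedelta(minutes=ttl_minutes)).isoformat()))
    return token
def validate_session(db, token, now=None):
    # Return the user id for a live, unrevoked session and count the use; None otherwise.
    now = now or datetime.now()
    row = db.execute("SELECT id, user_id, expires_at, revoked FROM sessions WHERE session_token = ?",
                     (token,)).fetchone()
    if row is None or row[3] or datetime.fromisoformat(row[2]) <= now:
        return None
    db.execute("UPDATE sessions SET usage_count = usage_count + 1 WHERE id = ?", (row[0],))
    return row[1]
```

Revoking a user (revoked = 1 in users) takes effect on the next login attempt, while an already issued session stays valid until it expires or is itself revoked in the sessions table.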

πŸ“ Environment Variables

Variable                    Default                                    Description
TOKEN_ISSUER_CONFIG         token_issuer_config.yaml                   Config file path
TOKEN_ISSUER_DATABASE_URL   sqlite+aiosqlite:///token_issuer.sqlite3   Database URL (overrides DB_URL)

πŸ” Troubleshooting

Common Issues

  1. Port already in use: Change port in command
  2. Database errors:
    • Database does not exist: Create the database manually (see above)
    • MySQL VARCHAR requires a length: All string fields now have explicit length; update code if using custom models
    • Datetime offset errors: All datetime fields are now naive (no timezone) for cross-DB compatibility
    • File permissions: For SQLite, check file permissions for token_issuer.sqlite3
  3. Config not found: Run setup command first

Logs

Check server logs for detailed error information:

uv run fastapi run token_issuer_server.py --port 8080 --log-level debug

🤝 Contributing

  1. Fork the repository
  2. Create feature branch
  3. Make changes
  4. Add tests
  5. Submit pull request

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

🔗 Related Projects

  • FastMCP - Model Context Protocol implementation
  • FastAPI - Modern web framework
