Merged
Conversation
Implement a complete, working Claude Desktop MCP server that authenticates all tool calls using AgentAuth. This is a reference implementation demonstrating: - Agent registration and grant approval workflow - Ed25519 signing with deterministic canonical bytes (BTreeMap-sorted fields) - DPoP (Demonstrating Proof of Possession) for sender-constraint - Token caching with automatic refresh when within 2 minutes of expiry - Behavioral envelope enforcement (rate limits, time windows) - Stateless token verification at verifier service - Graceful error handling and automatic retry with exponential backoff Key implementation details: - Manifest JSON must use alphabetically-sorted keys to match Rust's serde_json canonical bytes format (BTreeMap internal representation) - DateTime fields use second precision with Z-suffix, matching chrono serde default output (AutoSi format omits trailing zeros) - DPoP proofs include optional 'ath' claim binding token to proof - Token refresh is lazy (on next use) when within 2-minute expiry window Features: - Register agent with ed25519 keypair - Request capability grant with human approval via web UI - Issue short-lived tokens (15-minute lifetime) - Attach DPoP proof to every authenticated request - Cache tokens and refresh automatically - Four demo tools: read_calendar, write_file, delete_file, make_payment Usage: 1. Start AgentAuth dev stack: ./dev.sh 2. Run MCP: bun services/agentauth-mcp/index.ts 3. Approve grant at http://localhost:3001/approve/... 4. Add to Claude Desktop config to enable MCP 5. Ask Claude to use the tools Customization: - Edit src/tools.ts to add your own tools - Edit src/manifest.ts to change capabilities - Set REGISTRY_URL and SERVICE_URL env vars for production This is ready to be integrated into any AI agent and adapted for production use with your own services and capability grants.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implement a complete, working Claude Desktop MCP server that authenticates all tool calls using AgentAuth. This is a reference implementation demonstrating:
Key implementation details:
Features:
Usage:
Customization: