Keycard Hello Server
БесплатноНе проверенAn MCP server demonstrating OAuth 2.0 authentication with Keycard's Security Token Service, providing tools for displaying the Keycard logo and retrieving authe
Описание
An MCP server demonstrating OAuth 2.0 authentication with Keycard's Security Token Service, providing tools for displaying the Keycard logo and retrieving authenticated user information.
README
A production-ready MCP server demonstrating OAuth 2.0 authentication with Keycard's Security Token Service (STS). This project showcases best practices for building secure, type-safe, and modular MCP servers with enterprise-grade observability.
TypeScript Node.js MCP Protocol OAuth 2.0
🎯 What This Demonstrates
- 🔒 OAuth 2.0 Authentication - Secure authentication via Keycard STS
- ✨ Type Safety - Full TypeScript with Zod runtime validation
- 🏗️ Modular Architecture - Clean separation of concerns for easy extension
- 🚀 Production Ready - Error handling, validation, and comprehensive logging
- 📚 Educational - Well-documented code showing MCP best practices
- 🧪 Testing Framework - Jest with coverage, integration tests, and watch modes
- 📊 Observability - OpenTelemetry integration with traces and metrics
🚀 Quick Start
🏗️ Architecture
┌─────────────┐ ┌──────────────┐ ┌─────────────┐
│ Cursor │───▶│ MCP Server │───▶│ Keycard STS │
│ IDE │ │ (localhost: │ │ │
│ │ │ 8888) │ │ │
└─────────────┘ └──────────────┘ └─────────────┘
│ │ │
OAuth Flow JWT Validation Token Issuance
🔄 Authentication Flow
- Cursor discovers OAuth endpoints from MCP server
- User authenticates via Keycard STS (redirected to identity provider)
- Keycard STS issues JWT access tokens
- MCP Server validates tokens and grants access to tools
Prerequisites
- Node.js 18+ and npm
- Cursor IDE (or any MCP-compatible client)
- Keycard account with access to the Console
- Configured Keycard zone (for authentication)
1. Clone & Install
git clone https://github.com/keycardai/hello-mcp-server.git
cd hello-mcp-server
npm install
2. Configure Environment
Create a .env file:
# Required: Your Keycard STS issuer URL
KEYCARD_STS_ISSUER_URL=https://your-zone-id.keycard.cloud
# Optional: Server configuration
PORT=8888
HOST=localhost
💡 Finding your Zone ID:
- Log into the Keycard Console
- Navigate to Zone Settings
- Copy the Zone ID (e.g.,
j434uokph8th1ia1npxiaykh7p) - Replace
your-zone-idin your STS URL
Note: Use the zone ID, not the zone name or label.
3. Start the Server
# Development mode with auto-reload
npm run dev
# Production mode
npm run build && npm start
You should see:
🚀 Keycard Hello MCP Server started!
🔗 MCP Endpoint: http://localhost:8888/mcp
🔐 STS Issuer: https://your-zone-id.keycard.cloud
🛠️ Available Tools: keycard-logo, whoami
4. Configure Cursor IDE
Add to your Cursor MCP settings:
{
"mcpServers": {
"keycard-hello-mcp": {
"url": "http://localhost:8888/mcp"
}
}
}
5. Test Authentication
- Restart Cursor to pick up the new MCP server
- Cursor will show "needs login" for the server
- Click to authenticate → complete OAuth flow
- Use the tools:
keycard-logo,whoami
🛠️ Available Tools
keycard-logo
Displays the official Keycard ASCII art logo.
whoami
Provides detailed information about the authenticated user including:
- Client ID and authentication scopes
- JWT payload with user information
- Token expiration and timing details
- Custom claims and metadata
🔧 Configuration
Environment Variables
| Variable | Description | Default | Required |
|---|---|---|---|
KEYCARD_STS_ISSUER_URL |
Keycard STS issuer URL (single-tenant mode) | - | ✅* |
ISSUER_BASE_DOMAIN |
Base domain for STS (multi-tenant mode) | - | ✅* |
MCP_BASE_DOMAIN |
Base domain for MCP server (multi-tenant mode) | - | ✅* |
PORT |
Server port | 8888 |
|
HOST |
Server host | localhost |
|
LOG_LEVEL |
Logging level | INFO |
|
ENABLE_OTEL |
Enable OpenTelemetry | true |
|
OTEL_SERVICE_NAME |
Service name for telemetry | hello-mcp-server |
|
OTEL_ENVIRONMENT |
Environment for telemetry | development |
*Either KEYCARD_STS_ISSUER_URL (single-tenant) OR ISSUER_BASE_DOMAIN + MCP_BASE_DOMAIN (multi-tenant) is required.
Multi-Tenant Configuration
For multi-tenant deployments (serving multiple organizations/zones), use these environment variables instead:
# Multi-tenant mode
ISSUER_BASE_DOMAIN=keycard.cloud
MCP_BASE_DOMAIN=mcp.example.com
# Other configuration
PORT=8888
ENABLE_OTEL=true
This enables dynamic issuer discovery based on subdomain routing, allowing one deployment to serve multiple Keycard zones.
Observability
The server includes comprehensive observability features:
- Structured Logging: Environment-aware logging with trace correlation
- Request Tracing: Full distributed tracing with OpenTelemetry
- Metrics Collection: Performance and usage metrics
- Health Checks: Available at
/health
In development, logs are formatted for console readability. In production, logs are sent to configured OTLP endpoints.
🏗️ Architecture
src/
├── config.ts # Configuration management
├── index.ts # Application entry point
├── server.ts # Express server setup
├── middleware/ # Express middlewares
│ ├── auth.ts # Authentication middleware
│ └── logging.ts # Request logging and tracing
├── observability/ # Telemetry and logging
│ ├── logger.ts # Structured logger
│ └── telemetry.ts # OpenTelemetry setup
├── tools/ # MCP tools
│ ├── index.ts # Tool registration
│ ├── logo.ts # Keycard logo tool
│ └── whoami.ts # User information tool
└── types/ # Type definitions
├── auth.ts # Authentication types
└── index.ts # Exported types
🧪 Testing
# Run all tests
npm test
# Run tests with coverage
npm run test:coverage
# Run integration tests
npm run test:integration
# Watch mode for development
npm run test:watch
📊 Code Quality
# Lint code
npm run lint
# Fix linting issues
npm run lint:fix
# Format code
npm run format
# Check all (lint + format)
npm run check
# Fix all issues
npm run check:fix
🔗 MCP Integration
Cursor IDE
- Start the server:
npm run dev - In Cursor, go to Settings > MCP Servers
- Add server:
http://localhost:8888/mcp
🚦 Health Checks
The server provides a health check endpoint at /health:
curl http://localhost:8888/health
Response:
{
"status": "healthy",
"timestamp": "2024-01-01T00:00:00.000Z",
"service": "hello-mcp-server",
"version": "1.0.0"
}
🤝 Contributing
- Fork the repository
- Create a feature branch
- Make your changes
- Run tests and quality checks
- Submit a pull request
📄 License
Apache-2.0 License - see LICENSE file for details.
Установка Keycard Hello Server
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/keycardai/hello-mcp-serverFAQ
Keycard Hello Server MCP бесплатный?
Да, Keycard Hello Server MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Keycard Hello Server?
Нет, Keycard Hello Server работает без API-ключей и переменных окружения.
Keycard Hello Server — hosted или self-hosted?
Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.
Как установить Keycard Hello Server в Claude Desktop, Claude Code или Cursor?
Открой Keycard Hello Server на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare Keycard Hello Server with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
