AuthSec SDK Overview
Add Enterprise-Grade Authentication and Authorization to Your MCP Servers with Just 3 Lines of Code
The Problem: Unprotected AI Tools
If you're building MCP servers for AI assistants like Claude, you've probably encountered this critical issue:
All your tools are exposed to everyone by default.
Without proper security, anyone who connects to your MCP server can:
- Call delete_user_account
- Access view_financial_reports
- Trigger deploy_to_production
- Read sensitive company data
That's a security nightmare waiting to happen.
The Solution: AuthSec SDK
AuthSec SDK gives you enterprise-grade security in just 3 lines of code:
```python
from authsec_sdk import protected_by_AuthSec, run_mcp_server_with_oauth

@protected_by_AuthSec("admin_tool", roles=["admin"])
async def admin_tool(arguments: dict) -> list:
    return [{"type": "text", "text": "Welcome to admin panel!"}]

run_mcp_server_with_oauth(client_id="your-client-id", app_name="My Server")
```
That's it. Your tool is now protected by OAuth 2.0 and RBAC.
Key Features
🔐 Authentication (AuthN)
- OAuth 2.0 flow with PKCE security
- JWT token validation and management
- Persistent session handling
- Multi-tenant support out of the box
🛡️ Authorization (AuthZ)
- Role-Based Access Control (RBAC)
- Dynamic tool filtering (users only see permitted tools)
- Flexible permissions: roles, groups, scopes, resources
- Database-backed validation (not just JWT claims)
- AND/OR logic support
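The dynamic tool filtering and AND/OR role logic listed above, as an added sketch that is not AuthSec SDK code and does not use its API. The `protected` decorator, the `ROLE_DB` store and the `reset_password` tool are hypothetical names; roles are resolved from a server-side store rather than read from token claims, and the check runs both when listing tools and when calling them.

```python
import asyncio

# Constructed server-side role store standing in for a database lookup;
# roles are resolved here, not taken from claims the client presents.
ROLE_DB = {"alice": {"admin", "finance"}, "bob": {"support"}}

TOOLS = {}  # tool name -> (handler, required roles, match mode)


def protected(name, roles, mode="any"):
    """Hypothetical decorator: register a tool with its role requirement."""
    if mode not in ("any", "all"):
        raise ValueError("mode must be 'any' (OR) or 'all' (AND)")

    def register(handler):
        TOOLS[name] = (handler, frozenset(roles), mode)
        return handler
    return register


def is_allowed(user, required, mode):
    held = ROLE_DB.get(user, set())  # unknown users hold no roles
    if not required:
        return False  # deny by default: a tool with no roles listed stays closed
    return required <= held if mode == "all" else bool(required & held)


def list_tools(user):
    """Dynamic filtering: return only the tool names this user may call."""
    return sorted(n for n, (_, req, mode) in TOOLS.items() if is_allowed(user, req, mode))


async def call_tool(user, name, arguments):
    """Enforce again at call time; hiding a tool from the list is not a control."""
    entry = TOOLS.get(name)
    if entry is None or not is_allowed(user, entry[1], entry[2]):
        raise PermissionError(f"{user!r} may not call {name!r}")
    return await entry[0](arguments)


@protected("view_financial_reports", roles=["admin", "finance"], mode="all")
async def view_financial_reports(arguments: dict) -> list:
    return [{"type": "text", "text": "Q3 report (constructed sample)"}]


@protected("reset_password", roles=["admin", "support"], mode="any")
async def reset_password(arguments: dict) -> list:
    return [{"type": "text", "text": f"reset queued for {arguments['user']}"}]
```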
🔑 External Service Integration
- HashiCorp Vault integration
- Secure credential storage via UI
- Support for any API (GitHub, AWS, databases, Slack, etc.)
- Automatic credential rotation
- No credentials in code
✨ Developer Experience
- Single decorator to protect tools
- Minimal code changes
- Automatic tool hiding/showing
- User context auto-injected
- Zero security expertise required
Get Started Today
Secure your MCP server in just 5 minutes:
- Sign up: app.authsec.dev
- Install SDK: pip install authsec-sdk
- Add decorator: @protected_by_AuthSec("tool_name", roles=["admin"])
- Run server: python my_server.py
That's it. Your tools are now protected by enterprise-grade security.
Resources
- Documentation: docs.authsec.dev
- Dashboard: app.authsec.dev
- GitHub: github.com/authsec-ai/sdk-authsec
- Support: support@authsec.dev
Built with ❤️ by the AuthSec team