TemplatesWorkOS AuthKit
WorkOS AuthKit
An MCP server with WorkOS AuthKit authentication
An authenticated MCP server using WorkOS AuthKit for JWT-based authentication.
Features
- WorkOS AuthKit JWT verification via JWKS endpoint
- Session data via
getSession(), full user data viagetUser() - OAuth discovery endpoints auto-registered
- Example tools:
greet,whoami - HTTP transport with middleware-based auth
Getting Started
Prerequisites
You need a WorkOS account with:
- MCP Auth enabled under Connect → Configuration
- Client ID Metadata Document (CIMD) enabled for MCP client authentication
1. Create the project
2. Environment setup
Edit .env with your WorkOS credentials:
3. Install & run
How It Works
- MCP clients send requests with
Authorization: Bearer <token>header - The middleware verifies the JWT using WorkOS AuthKit's JWKS endpoint
- Valid sessions are stored in AsyncLocalStorage context
- Tools access session data via
getSession()andgetUser()
Using Session Data in Tools
OAuth Endpoints
The plugin automatically registers:
GET /.well-known/oauth-protected-resource— Resource server metadataGET /.well-known/oauth-authorization-server— Authorization server metadata
Deploy
Learn More
Other templates
Auth0 Authentication
An MCP server with Auth0 authentication and tools to interact with Auth0 client.
authentication
Clerk Authentication
An MCP server with Clerk authentication, session data and organization management
authentication
Scalekit Authentication
An MCP server with Scalekit authentication for B2B organizations. Per-user and per-org data isolation with optional RBAC.
authentication

