Product · MCP security

What is AuthPlane?

AuthPlane is an open-source, self-hosted OAuth 2.1 authorization server purpose-built for MCP servers. It issues, validates, and revokes the tokens your agents use, federates with the identity provider you already run, and records every delegation hop in an audit log. It deploys as a single Go binary alongside your MCP server, so token data never leaves your infrastructure. The server is AGPL-3.0; the SDKs are Apache-2.0.

Integration

Protect your server in 10 minutes

Two env vars, point your SDK at AuthPlane, PKCE, CIMD, JWKS rotation, all handled automatically

server.py python
import asyncio
from authplane import InboundDPoPOptions
from authplane_mcp import authplane_mcp_auth, install_request_context
from mcp.server.fastmcp import FastMCP


async def main() -> None:
    auth = await authplane_mcp_auth(
        issuer="https://auth.example.com",
        resource="https://mcp.example.com/mcp",
        scopes=["tools/query"],
        inbound_dpop=InboundDPoPOptions(required=True),
    )
    mcp = FastMCP("my-server", port=8080, json_response=True, **auth)
    install_request_context(mcp)  # required for inbound DPoP
    # ... your @mcp.tool() handlers
    await mcp.run_streamable_http_async()


asyncio.run(main())
What's included

Five capabilities, one binary

Scroll through Token Vault, DPoP, Token Exchange, Agent Identity, and Cross-App Access, which is the surface that keeps agent auth honest at every hop

01
Token Vault

Credentials in, scoped tokens out

  • Upstream refresh tokens encrypted at rest — AES-256-GCM with per-purpose HKDF keys
  • Short-lived, scoped access tokens vended on demand via RFC 8693 Token Exchange
  • Agents never see the raw credentials for GitHub, Slack, Linear, or Google
  • Optional HashiCorp Vault Transit so signing keys stay in an HSM
02
DPoP

Tokens bound to their owner

  • RFC 9449 binds every token to a key the client holds and proves per request
  • Fresh JTI validated once — server rejects on replay
  • Server nonces rotate automatically (60s TTL)
  • Binding survives every delegation hop — composes with Vault and Token Exchange
03
Token Exchange

Delegate without oversharing

  • One RFC 8693 call downscopes a parent token — scope, audience, lifetime
  • Chain depth tracked in the token claims — bounded and inspectable
  • Every exchange in the audit log with actor and target identifiers
  • Impersonation and delegation grant types both supported
04
Agent Identity

Every agent, fully identified

  • Each agent gets its own identity with an agent_id and sub claim
  • User context embedded as an act (actor) claim chain — OIDC ActorToken extension
  • Per-agent scopes broken out inside the token — no round-trip to enforce policy
  • Three hops later, the token still names the human who authorized the work
05
Cross-App Access

Enterprise IdP in the loop

  • Okta or Entra ID mediates every agent-to-tool connection — no consent popups
  • JWT Bearer grant (RFC 7523) with JWKS discovery pins the audience
  • Policy engine enforces scope, group membership, and step-up auth centrally
  • Tokens stay short-lived, data stays inside your cloud
A clay object morphs through AuthPlane's concepts: architecture, token vault, delegation, DPoP and federation.
Why self-hosted

Your auth is your identity. It should live in your perimeter, not someone else's

That's the whole argument, everything else follows from it

Self-hosted AuthPlane
SaaS auth providers
Runs in your own VPC, on-prem, or air-gapped network
Your tokens are issued from someone else's cloud
Identity data and signing keys never leave your perimeter
User data and upstream secrets sit in their tenant
Flat infrastructure cost, no per-token or per-MAU billing
Costs scale per active user, per token, or per connection
No vendor in your auth path, no third-party outage to inherit
Their downtime and rate limits become your downtime
Open source under AGPL-3.0, audit and fork the code yourself
Closed source, with lock-in to their roadmap and pricing
  • Runs in your own VPC, on-prem, or air-gapped network
  • Identity data and signing keys never leave your perimeter
  • Flat infrastructure cost, no per-token or per-MAU billing
  • No vendor in your auth path, no third-party outage to inherit
  • Open source under AGPL-3.0, audit and fork the code yourself
  • Your tokens are issued from someone else's cloud
  • User data and upstream secrets sit in their tenant
  • Costs scale per active user, per token, or per connection
  • Their downtime and rate limits become your downtime
  • Closed source, with lock-in to their roadmap and pricing
Deployment

Three paths, one server

Same server, different configurations, pick the path that matches your environment

< 1 minute

Local Development

SQLite · Zero config
$docker run -p 9000:9000 -p 9001:9001 \
  -e AUTHPLANE_ADMIN_API_KEY=$(openssl rand -hex 32) \
  -e AUTHPLANE_SESSION_SECRET=$(openssl rand -hex 32) \
  -e AUTHPLANE_DPOP_ENABLED=true \
  -v authserver-data:/data \
  authplane/authserver:latest serve
Quickstart →
< 15 minutes

Production

PostgreSQL · HA ready
$helm install authplane \
  oci://ghcr.io/authplane/charts/authplane \
  --version 0.1.0 \
  -f values-production.yaml
# values-production.yaml sets: issuer, secrets, postgres password
Deployment guide →
< 30 minutes

Regulated Enterprise

Vault Transit · Air-gapped
$authserver serve \
  --config /etc/authserver/config.yaml
Security docs →
Quickstart

From zero to running in three steps

No account required

STEP 01

Run the binary

One docker run brings up the OAuth endpoints and Admin UI.

$docker run -p 9000:9000 -p 9001:9001 \
  -e AUTHPLANE_ADMIN_API_KEY=$(openssl rand -hex 32) \
  -e AUTHPLANE_SESSION_SECRET=$(openssl rand -hex 32) \
  -e AUTHPLANE_DPOP_ENABLED=true \
  -v authserver-data:/data \
  authplane/authserver:latest serve
✓ OAuth :9000 · Admin :9001/admin/ui/
STEP 02

Run your MCP server

Install the SDK and start your server with auth wired.

$pip install authplane-mcp
$python server.py
INFO: Uvicorn running on :8080
✓ MCP server live · bearer auth wired
# TypeScript and Go in the docs
STEP 03

Ship it

Move to PostgreSQL and deploy with Helm.

$helm install authplane \
  oci://ghcr.io/authplane/charts/authplane \
  --version 0.1.0 \
  -f values-production.yaml
# values-production.yaml sets: issuer, secrets, postgres password
NAME: authplane · STATUS: deployed
✓ Postgres wired · secrets stored in Kubernetes
Product roadmap

Three tiers of the same core, what's shipped, what's next

Open Source is production-ready for the OAuth surface today, EE and Cloud extend it with the same spec and a broader operational envelope

AVAILABLE · V0.1.X

Open Source

AGPL-3.0 · Free forever

Self-host on your own infrastructure like a laptop, VM, Kubernetes, or air-gapped. One Go binary, one Docker run.

  • OAuth 2.1 + PKCE
  • Token Vault
  • DPoP
  • Token Exchange
  • Agent delegation chains
  • Federation to OIDC IdPs
  • Admin UI
  • Go / TypeScript / Python SDKs
  • Rust, C#, and Java SDKs
  • Helm chart (single-instance and basic HA)
View on GitHub ↗
ROADMAP

AuthPlane EE

Commercial · Coming soon

Self-host with enterprise support. Hardened defaults for regulated environments, priority patches, the extra language SDKs, and the compliance evidence packs your auditor will ask for.

  • Rust, C#, and Java SDKs
  • HA-tuned Helm values and reference deployments
  • Vault Transit / HSM signing by default
  • SLA-backed security patches
  • Compliance evidence packs
Get on the EE waitlist →
ROADMAP

AuthPlane Cloud

Managed SaaS · Coming soon

A managed AuthPlane, run by us, on the same open-source core. For teams that want spec-compliant issuance without having to operate the binary themselves. No date yet since we ship self-hosted first.

  • Managed control plane, upgrades, and backups
  • Same OAuth 2.1 surface as the open-source binary
  • Regional data residency options
Get on the Cloud waitlist →

Your MCP server needs an authorization layer
This is it

Open-source · one Go binary · one docker run