What is AuthPlane?
AuthPlane is an open-source, self-hosted OAuth 2.1 authorization server purpose-built for MCP servers. It issues, validates, and revokes the tokens your agents use, federates with the identity provider you already run, and records every delegation hop in an audit log. It deploys as a single Go binary alongside your MCP server, so token data never leaves your infrastructure. The server is AGPL-3.0; the SDKs are Apache-2.0.
Protect your server in 10 minutes
Set two env vars and point your SDK at AuthPlane; PKCE, CIMD, and JWKS rotation are all handled automatically.
Python

    import asyncio
    from authplane import InboundDPoPOptions
    from authplane_mcp import authplane_mcp_auth, install_request_context
    from mcp.server.fastmcp import FastMCP

    async def main() -> None:
        auth = await authplane_mcp_auth(
            issuer="https://auth.example.com",
            resource="https://mcp.example.com/mcp",
            scopes=["tools/query"],
            inbound_dpop=InboundDPoPOptions(required=True),
        )
        mcp = FastMCP("my-server", port=8080, json_response=True, **auth)
        install_request_context(mcp)  # required for inbound DPoP
        # ... your @mcp.tool() handlers
        await mcp.run_streamable_http_async()

    asyncio.run(main())

TypeScript

    import express from "express";
    import { authplaneMcpAuth } from "@authplane/mcp";

    const auth = await authplaneMcpAuth({
      issuer: "http://localhost:9000",
      resource: "http://localhost:3000/mcp",
      scopes: ["tools/echo"],
    });

    const app = express();
    app.use(express.json());
    // Serves the RFC 9728 protected-resource metadata the client discovers
    app.get(auth.protectedResourceMetadataPath,
      auth.protectedResourceMetadataHandler);
    // bearerAuth validates the token before your transport sees the request
    app.all("/mcp", auth.bearerAuth, /* your MCP transport handler */);
    app.listen(3000);

Go

    package main

    import (
        "context"
        "net/http"

        "github.com/authplane/go-sdk/core/resource/verifier"
        "github.com/authplane/go-sdk/mcp/pkg/authplanemcp"
    )

    func main() {
        adapter, err := authplanemcp.NewAdapter(context.Background(), authplanemcp.Options{
            Issuer:   "http://localhost:9000",
            Resource: "http://localhost:8080/mcp",
            Scopes:   []string{"tools/read"},
            VerifierOptions: []verifier.Option{
                verifier.WithInboundDPoP(verifier.InboundDPoPOptions{Required: true}),
            },
        })
        if err != nil {
            panic(err)
        }
        defer adapter.Close()

        // Protected-resource metadata endpoint plus the auth middleware in front of /mcp
        http.Handle(adapter.WellKnownPRMPath(), adapter.ProtectedResourceMetadataHandler())
        http.Handle("/mcp", adapter.AuthMiddleware(/* your MCP handler */))
        if err := http.ListenAndServe(":8080", nil); err != nil {
            panic(err)
        }
    }

Five capabilities, one binary
Token Vault, DPoP, Token Exchange, Agent Identity, and Cross-App Access: the surface that keeps agent auth honest at every hop.
Credentials in, scoped tokens out
- Upstream refresh tokens encrypted at rest — AES-256-GCM with per-purpose HKDF keys
- Short-lived, scoped access tokens vended on demand via RFC 8693 Token Exchange
- Agents never see the raw credentials for GitHub, Slack, Linear, or Google
- Optional HashiCorp Vault Transit so signing keys stay in an HSM
Tokens bound to their owner
- RFC 9449 binds every token to a key the client holds and proves per request
- Fresh JTI validated once — server rejects on replay
- Server nonces rotate automatically (60s TTL)
- Binding survives every delegation hop — composes with Vault and Token Exchange
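The checks behind the DPoP bullets above, as an added example rather than AuthPlane's own code: what a resource server verifies on an RFC 9449 proof once a JOSE library has checked the proof's signature against the JWK in its header. It covers the cnf.jkt key binding (RFC 7638 thumbprint), the access-token hash (ath), method and URL binding, proof freshness, single-use jti, and server nonces that age out after 60 seconds. The key coordinates, tokens and clock values are constructed, and the class and return codes are this example's own, not an SDK API.

```python
# Added example: claims-level DPoP checks after signature verification.
# Not AuthPlane code; key, tokens and clock are constructed sample data.
import base64
import hashlib
import json
import time

# Constructed EC public key (base64url coordinate strings, not a real key).
CLIENT_JWK = {"kty": "EC", "crv": "P-256", "x": "A" * 43, "y": "Q" * 43}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, keys sorted, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n"), "OKP": ("crv", "kty", "x")}
    members = {k: jwk[k] for k in required[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode()).digest())


class DPoPChecker:
    NONCE_TTL = 60       # seconds a server nonce stays valid (rotates automatically)
    PROOF_MAX_AGE = 300  # seconds a proof's iat may lag the server clock

    def __init__(self, clock=time.time):
        self.clock = clock
        self.seen_jti = {}  # jti -> time after which it can be forgotten
        self.nonces = {}    # nonce -> time issued
        self._serial = 0

    def issue_nonce(self) -> str:
        """Mint a nonce the client must echo in its next proof's `nonce` claim."""
        self._serial += 1
        nonce = b64url(hashlib.sha256(f"{self._serial}:{self.clock()}".encode()).digest()[:12])
        self.nonces[nonce] = self.clock()
        return nonce

    def check(self, header, claims, access_token, token_claims, method, url) -> str:
        now = self.clock()
        # Prune expired bookkeeping so both caches stay bounded.
        self.seen_jti = {j: t for j, t in self.seen_jti.items() if t > now}
        self.nonces = {n: t for n, t in self.nonces.items() if now - t < self.NONCE_TTL}

        if header.get("typ") != "dpop+jwt" or "jwk" not in header:
            return "malformed"
        # 1. The proof key must be the key the access token was bound to.
        if jwk_thumbprint(header["jwk"]) != token_claims.get("cnf", {}).get("jkt"):
            return "key-mismatch"
        # 2. The proof must cover this exact access token, method and URL.
        if claims.get("ath") != b64url(hashlib.sha256(access_token.encode()).digest()):
            return "ath-mismatch"
        if claims.get("htm") != method or claims.get("htu") != url:
            return "htm-htu-mismatch"
        # 3. Freshness window on iat (small tolerance for clock skew).
        iat = claims.get("iat", 0)
        if not (now - self.PROOF_MAX_AGE <= iat <= now + 5):
            return "stale"
        # 4. The nonce must be one we issued and still inside its TTL.
        if claims.get("nonce") not in self.nonces:
            return "use-dpop-nonce"
        # 5. jti is single-use: the same proof presented twice is a replay.
        jti = claims.get("jti")
        if not jti or jti in self.seen_jti:
            return "replay"
        self.seen_jti[jti] = now + self.PROOF_MAX_AGE
        return "ok"


def demo() -> list:
    """Constructed walk-through: valid proof, its replay, an aged-out nonce, a wrong key."""
    clock = [1_700_000_000.0]
    checker = DPoPChecker(clock=lambda: clock[0])
    token = "constructed.access.token"
    token_claims = {"sub": "alice", "cnf": {"jkt": jwk_thumbprint(CLIENT_JWK)}}
    header = {"typ": "dpop+jwt", "alg": "ES256", "jwk": CLIENT_JWK}
    url = "https://mcp.example.com/mcp"
    proof = {"jti": "proof-1", "htm": "POST", "htu": url, "iat": int(clock[0]),
             "nonce": checker.issue_nonce(),
             "ath": b64url(hashlib.sha256(token.encode()).digest())}
    results = [checker.check(header, proof, token, token_claims, "POST", url),
               checker.check(header, proof, token, token_claims, "POST", url)]
    clock[0] += 61  # the server nonce has rotated out
    proof2 = dict(proof, jti="proof-2", iat=int(clock[0]))
    results.append(checker.check(header, proof2, token, token_claims, "POST", url))
    proof3 = dict(proof2, jti="proof-3", nonce=checker.issue_nonce())
    wrong_key = dict(header, jwk=dict(CLIENT_JWK, x="B" * 43))
    results.append(checker.check(wrong_key, proof3, token, token_claims, "POST", url))
    return results
```

The check order matters: key binding and ath come first so an attacker holding a stolen bearer string without the private key is rejected before any server state is consulted, and the jti is only recorded once everything else passes, so a failed proof cannot poison the replay cache.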
Delegate without oversharing
- One RFC 8693 call downscopes a parent token — scope, audience, lifetime
- Chain depth tracked in the token claims — bounded and inspectable
- Every exchange in the audit log with actor and target identifiers
- Impersonation and delegation grant types both supported
Every agent, fully identified
- Each agent gets its own identity with an agent_id and sub claim
- User context embedded as an act (actor) claim chain — OIDC ActorToken extension
- Per-agent scopes broken out inside the token — no round-trip to enforce policy
- Three hops later, the token still names the human who authorized the work
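The two sections above (downscoping via Token Exchange, and the agent identity carried in the act chain) share one mechanism, so here is a single added example that is not AuthPlane's code: the policy an RFC 8693 exchange endpoint applies when an agent mints a narrower token for the next hop, and the nested act claim that still names the human after three hops. Tokens are plain claim dicts (signing is out of scope); the delegation_depth claim name, the MAX_DEPTH limit, the allowed-audience set and the agent identifiers are this example's assumptions.

```python
# Added example: RFC 8693 downscoping policy plus nested `act` delegation chain.
# Not AuthPlane code; claim names other than the RFC ones are assumed.
import time

MAX_DEPTH = 3  # assumed policy: at most three delegation hops below the root token


class ExchangeDenied(Exception):
    """Carries a short reason code suitable for an audit record."""


def exchange(parent, actor_id, scope, audience, lifetime, allowed_audiences, audit, now=None):
    """Mint a child token for `actor_id` that is strictly narrower than `parent`."""
    now = int(time.time()) if now is None else now
    if parent["exp"] <= now:
        raise ExchangeDenied("expired")
    parent_scope = set(parent["scope"].split())
    if not scope <= parent_scope:                 # a child may only drop scopes
        raise ExchangeDenied("scope_widening")
    if audience not in allowed_audiences:         # server-side registry of downstream resources
        raise ExchangeDenied("audience_not_allowed")
    depth = parent.get("delegation_depth", 0) + 1
    if depth > MAX_DEPTH:                         # chain depth is bounded and inspectable
        raise ExchangeDenied("depth_exceeded")
    child = {
        "sub": parent["sub"],                     # the human stays the subject at every hop
        "aud": audience,
        "scope": " ".join(sorted(scope)),
        "iat": now,
        "exp": min(now + lifetime, parent["exp"]),  # never outlive the parent
        "agent_id": actor_id,
        # RFC 8693 section 4.1: outermost act is the current actor, nested acts are prior ones
        "act": {"sub": actor_id, "act": parent["act"]} if "act" in parent else {"sub": actor_id},
        "delegation_depth": depth,
    }
    audit.append({"event": "token_exchange", "actor": actor_id, "target": audience,
                  "subject": parent["sub"], "scope": child["scope"], "depth": depth})
    return child


def actor_chain(token):
    """Walk the nested act claim, most recent actor first."""
    chain, node = [], token.get("act")
    while node:
        chain.append(node["sub"])
        node = node.get("act")
    return chain


def demo():
    """Constructed chain: planner -> researcher -> reader -> summarizer, then two denials."""
    now, audit = 1_700_000_000, []
    allowed = {"https://search.example.com", "https://docs.example.com", "https://mail.example.com"}
    root = {"sub": "alice", "aud": "https://mcp.example.com/mcp",
            "scope": "repo:read tools/query tools/write", "iat": now, "exp": now + 3600,
            "agent_id": "agent:planner", "act": {"sub": "agent:planner"}, "delegation_depth": 0}
    hop1 = exchange(root, "agent:researcher", {"tools/query", "repo:read"},
                    "https://search.example.com", 900, allowed, audit, now + 10)
    hop2 = exchange(hop1, "agent:reader", {"repo:read"}, "https://docs.example.com", 900, allowed, audit, now + 20)
    hop3 = exchange(hop2, "agent:summarizer", {"repo:read"}, "https://docs.example.com", 7200, allowed, audit, now + 30)
    denied = []
    attempts = [(hop3, "agent:mailer", {"repo:read"}, "https://mail.example.com"),   # fourth hop
                (hop2, "agent:reader", {"tools/write"}, "https://docs.example.com")]  # tries to widen
    for parent, actor, scope, aud in attempts:
        try:
            exchange(parent, actor, scope, aud, 60, allowed, audit, now + 40)
        except ExchangeDenied as err:
            denied.append(str(err))
    return {"subject": hop3["sub"], "chain": actor_chain(hop3), "depth": hop3["delegation_depth"],
            "hop3_lifetime": hop3["exp"] - hop3["iat"], "audit_events": len(audit), "denied": denied}
```

Two properties worth noticing in the output: the third hop asked for a 7200-second token and received 880 seconds because the parent expires first, and every successful exchange, not the denials, produced an audit record with actor and target identifiers; a production endpoint would log the denials too, with the reason code.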
Enterprise IdP in the loop
- Okta or Entra ID mediates every agent-to-tool connection — no consent popups
- JWT Bearer grant (RFC 7523) with JWKS discovery pins the audience
- Policy engine enforces scope, group membership, and step-up auth centrally
- Tokens stay short-lived, data stays inside your cloud
Your auth is your identity. It should live in your perimeter, not someone else's
That's the whole argument; everything else follows from it.
In your perimeter (AuthPlane, self-hosted):
- Runs in your own VPC, on-prem, or air-gapped network
- Identity data and signing keys never leave your perimeter
- Flat infrastructure cost, no per-token or per-MAU billing
- No vendor in your auth path, no third-party outage to inherit
- Open source under AGPL-3.0, audit and fork the code yourself
In someone else's (a hosted auth service):
- Your tokens are issued from someone else's cloud
- User data and upstream secrets sit in their tenant
- Costs scale per active user, per token, or per connection
- Their downtime and rate limits become your downtime
- Closed source, with lock-in to their roadmap and pricing
Three paths, one server
Same server, different configurations; pick the path that matches your environment.
Production
PostgreSQL · HA ready
Regulated Enterprise
Vault Transit · Air-gapped
From zero to running in three steps
No account required
Run the binary
One docker run brings up the OAuth endpoints and Admin UI.
Run your MCP server
Install the SDK and start your server with auth wired.
Ship it
Move to PostgreSQL and deploy with Helm.
Three tiers of the same core, what's shipped, what's next
Open Source is production-ready for the OAuth surface today; EE and Cloud extend it with the same spec and a broader operational envelope.
Open Source
Self-host on your own infrastructure: a laptop, a VM, Kubernetes, or an air-gapped network. One Go binary, one Docker run.
- OAuth 2.1 + PKCE
- Token Vault
- DPoP
- Token Exchange
- Agent delegation chains
- Federation to OIDC IdPs
- Admin UI
- Go / TypeScript / Python SDKs
- Rust, C#, and Java SDKs
- Helm chart (single-instance and basic HA)
AuthPlane EE
Self-host with enterprise support. Hardened defaults for regulated environments, priority patches, the extra language SDKs, and the compliance evidence packs your auditor will ask for.
- Rust, C#, and Java SDKs
- HA-tuned Helm values and reference deployments
- Vault Transit / HSM signing by default
- SLA-backed security patches
- Compliance evidence packs
AuthPlane Cloud
A managed AuthPlane, run by us, on the same open-source core. For teams that want spec-compliant issuance without having to operate the binary themselves. No date yet since we ship self-hosted first.
- Managed control plane, upgrades, and backups
- Same OAuth 2.1 surface as the open-source binary
- Regional data residency options