2025/06/24

Develop and Secure Remote MCP Servers with Asgardeo and Cloudflare

What is MCP

The Model Context Protocol (MCP) is an open standard designed to overcome the inherent limitations of large language model (LLM)-powered agentic applications. While these agentic applications excel at reasoning, summarizing, and content generation, they are fundamentally disconnected from the real world. They cannot access live data, interact with private systems, or execute tools on behalf of users. MCP bridges this gap by providing a universal, standardized interface that connects agentic applications to real-world data sources, APIs, and execution environments, securely and dynamically.

As a developer working with MCP, your focus will typically fall into one of two areas: building MCP clients or MCP servers.

  • MCP clients are lightweight connectors embedded within host applications. Each client maintains a 1:1 stateful session with a designated MCP server. The client's primary responsibility is to route protocol messages between the host and the server, forming a thin yet critical communication layer.

  • MCP servers are responsible for exposing capabilities and context via the MCP protocol. These servers integrate with real-world tools and data, ranging from local resources like a file system or database, to remote APIs such as those provided by payment processors, enterprise systems, or cloud services.

MCP defines two standard transport mechanisms to support a wide range of deployment scenarios:

  • STDIO (Standard Input/Output): This is used for local communication. When the host application is configured with an MCP server, it launches the server as a subprocess and exchanges messages via standard input and output streams.

  • Streamable HTTP: For remote communication, MCP uses Server-Sent Events (SSE) to maintain a persistent, bidirectional channel over HTTP. This setup is ideal for scenarios where the MCP server is hosted remotely and interacts with external systems or APIs.

When an MCP client connects to a remote server over HTTP, security becomes a very important aspect. The MCP authentication specification mandates the use of the OAuth 2.1 draft standard. Clients must obtain and present a valid access token when initiating a connection. If the token is missing or invalid, the server responds with an HTTP 401 Unauthorized error.

Develop Remote MCP Servers with Cloudflare

Developing remote MCP servers using Cloudflare Workers is a powerful way to deploy scalable, low-latency MCP endpoints at the edge. Cloudflare Workers allow you to write and run serverless code in JavaScript or TypeScript that executes close to the user, making it ideal for delivering fast responses to agentic applications across the globe. These MCP servers can expose real-world data or trigger actions by connecting to external APIs or internal services, all while complying with the MCP protocol over streamable HTTP. Cloudflare's edge runtime ensures high availability and performance, while its support for secure secrets, durable objects, and KV storage provides everything you need to develop and deploy a remote MCP server rapidly.

While Cloudflare Workers offer a powerful platform for hosting remote MCP servers, developers are responsible for implementing OAuth 2.1 token handling, user authentication, and user management. To simplify this process, Cloudflare provides an OAuth provider library, which can be used to build these capabilities from scratch or to integrate seamlessly with external identity providers that already offer comprehensive authentication and authorization solutions.

Secure Remote MCP Servers with Asgardeo

Asgardeo is a cloud-based identity provider built on the same robust technology core as the leading open-source WSO2 Identity Server, delivering everything you need for secure identity management. As a developer, you don't need to build the complex identity standards required by the MCP auth specification (mandatory for remote MCP servers) yourself, because Asgardeo provides full support for them, which makes securing MCP servers deployed on Cloudflare Workers simple. Asgardeo supports:

  • OAuth 2.1 draft spec
  • OAuth2 Authorization Server Metadata
  • OAuth2 Dynamic Client Registration
  • Proof Key for Code Exchange (PKCE)

Beyond meeting MCP auth spec requirements, Asgardeo also provides advanced authentication features such as multi-factor authentication (MFA), passwordless login, and fine-grained access control. These capabilities ensure that your remote MCP servers are secure, standards-compliant, and ready for real-world deployment.


We've provided an AsgardeoHandler that you can easily configure in your MCP server built with Cloudflare Workers, as shown in the following code snippet.

The following sequence diagram illustrates the runtime interactions between components when an MCP client obtains an access token.


At runtime, you will first see the following consent screen and then be forwarded to the Asgardeo login page for authentication.

To get started, follow the Asgardeo Cloudflare MCP Server quickstart guide.

Alternatively, you can find a sample demo application from here.

Access Control

Access control is essential when building practical MCP servers, especially when access to tools must be restricted based on user roles or token scopes. Asgardeo supports both role-based access control (RBAC) and scope-based access control, enabling fine-grained permission models for your MCP server.

Asgardeo allows you to manage roles at both the application and organization levels. Roles can be assigned directly to individual users or, more efficiently, to user groups. By enabling roles as a user attribute in Asgardeo, the roles of the authenticated user can be retrieved within the MCP server through the agent's this.props property.


For example, the following code snippet demonstrates how to retrieve roles from this.props, check if the user has a manager role, and expose specific tools accordingly.

Similarly, scopes associated with the current access token can be accessed using this.props, allowing you to render tools dynamically based on scoped permissions.
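The following is an added example (not code from the original post, nor from the Asgardeo or Cloudflare projects) showing the role- and scope-gated tool registration described above for both the roles and the scopes case. It assumes this.props carries the user's roles attribute (as an array or a space/comma-separated string) and the token's scope as a space-delimited string, and it stands in for the McpAgent's this.server.tool(name, description, handler) call with a plain function so the gating logic runs stand-alone; the scope name reports:read and the tool names are constructed for illustration.

```typescript
// Added example, not code from the original post or from Asgardeo/Cloudflare.
// Assumed shape of `this.props` on the McpAgent: the user's `roles` attribute
// (array, or a space/comma-separated string) and the token `scope` (space-delimited).
export interface AuthProps {
  name?: string;
  roles?: string[] | string;
  scope?: string;
}

// Stand-in for the McpAgent's `this.server.tool(name, description, handler)` call.
export type ToolResult = { content: { type: "text"; text: string }[] };
export type RegisterTool = (name: string, description: string, handler: () => ToolResult) => void;

const text = (t: string): ToolResult => ({ content: [{ type: "text", text: t }] });

// Normalize the roles claim: arrays stay as-is, strings are split on spaces or commas.
export function userRoles(props: AuthProps): Set<string> {
  const raw = props.roles ?? [];
  const list = Array.isArray(raw) ? raw : raw.split(/[\s,]+/);
  return new Set(list.map((r) => r.trim()).filter((r) => r.length > 0));
}

// OAuth 2.0 `scope` is a space-delimited string; a missing scope means no scopes.
export function tokenScopes(props: AuthProps): Set<string> {
  return new Set((props.scope ?? "").split(/\s+/).filter((s) => s.length > 0));
}

export const hasRole = (props: AuthProps, role: string): boolean => userRoles(props).has(role);
export const hasScope = (props: AuthProps, scope: string): boolean => tokenScopes(props).has(scope);

// Register only the tools this user may see; the default is deny when a claim is absent.
// Returns the registered tool names so the decision can be logged or tested.
export function registerToolsForUser(props: AuthProps, register: RegisterTool): string[] {
  const names: string[] = [];
  const add: RegisterTool = (name, desc, handler) => { register(name, desc, handler); names.push(name); };

  // Available to every authenticated user.
  add("whoami", "Return the authenticated user's name", () => text(`You are ${props.name ?? "unknown"}`));

  // Role-gated: only users carrying the Asgardeo `manager` role get this tool.
  if (hasRole(props, "manager")) {
    add("approve_expense", "Approve a pending expense report", () => text("Expense approved"));
  }

  // Scope-gated: only tokens issued with `reports:read` (a constructed scope name) get this tool.
  if (hasScope(props, "reports:read")) {
    add("list_reports", "List reports visible to this token", () => text("3 reports found"));
  }
  return names;
}
```

Inside a Worker you would call registerToolsForUser(this.props, (n, d, h) => this.server.tool(n, d, h)) from the agent's init() so that a user without the manager role or the required scope never sees the gated tools listed at all.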

To test your MCP server, whether running locally or deployed on Cloudflare, you can use tools such as the Cloudflare Workers AI LLM Playground, MCP Inspector, or Claude Desktop.

During the connection establishment phase, you will first be prompted with a consent screen requesting your approval. Upon providing consent, you will be redirected to the login page of your Asgardeo organization to complete the authentication process.


After configuring your MCP server URL within one of these tools, you can try a simple prompt like "Who am I?" to verify the connection and functionality. The response should reflect the server's behavior as shown in the following screenshot.


Conclusion

In this post, we explored how to secure a remote MCP server using Asgardeo as an identity provider and implement access control to manage tool-level permissions. By leveraging Asgardeo's robust authentication and authorization capabilities, developers can build secure, standards-compliant MCP servers that protect sensitive tools and data.

Remote MCP servers significantly enhance the capabilities of LLM-powered agentic applications by enabling seamless, real-time access to the tools and information users need. If you're building agentic applications or simply want to learn more, visit our dedicated AI landing page and join the WSO2 IAM Early Access Program.
