examples/mcp-servers/verify-teleport-jwt-mcp-go/README.md
Teleport sends a JWT signed by Teleport's authority with each request to a target MCP server over the streamable HTTP or SSE transport.

This example demonstrates an MCP server built with mcp-go that verifies the
JWT issued by Teleport and extracts the Teleport identity information.

To start the server:

```bash
# export TELEPORT_PROXY_URL=https://teleport.example.com
$ go run .
☕ Teleport cluster: teleport.example.com
☕ JWT algo: ES256
🚀 Teleport MCP app example:
app_service:
  enabled: "yes"
  apps:
  - name: "verify-teleport-jwt"
    uri: "mcp+http://127.0.0.1:8000/mcp"
    labels:
      env: dev
    rewrite:
      headers:
      - "Authorization: Bearer {{internal.jwt}}"
🏁 Starting MCP server 'Verify Teleport JWT' with transport 'http' on http://127.0.0.1:8000/mcp
```

Sample response from calling the `teleport_user_info_from_jwt` tool via Teleport:

```json
{
  "authenticated": true,
  "teleport_user_name": "admin",
  "teleport_roles": ["access", "editor"]
}
```
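
The check a server like this has to apply to the `Authorization: Bearer` header, as an added example that is not the code from this repository: it pins the algorithm to ES256, verifies the raw r||s signature with the standard library, and rejects expired tokens. The claim names `username`, `roles` and `exp`, the function names, and the in-process `demoKey` (standing in for the public key of the Teleport cluster) are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding                                  // JWT segments are unpadded base64url
var demoKey, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed stand-in for the cluster key
type Claims struct { // claim names are assumptions; confirm against a real token
	Username string   `json:"username"`
	Roles    []string `json:"roles"`
	Exp      int64    `json:"exp"`
}

// Verify pins alg to ES256, checks the raw r||s signature, then the expiry.
func Verify(authz string, pub *ecdsa.PublicKey, now time.Time) (c Claims, err error) {
	p := strings.Split(strings.TrimPrefix(authz, "Bearer "), ".")
	sig, err := b64.DecodeString(p[len(p)-1])                     // Split never returns an empty slice
	sum := sha256.Sum256([]byte(strings.Join(p[:len(p)-1], "."))) // signing input: header.payload
	var h struct{ Alg string }
	if hdr, _ := b64.DecodeString(p[0]); len(p) != 3 || err != nil || len(sig) != 64 || json.Unmarshal(hdr, &h) != nil ||
		h.Alg != "ES256" || !ecdsa.Verify(pub, sum[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return c, fmt.Errorf("not a three-part ES256 token or signature invalid")
	}
	if body, _ := b64.DecodeString(p[1]); json.Unmarshal(body, &c) != nil || now.Unix() >= c.Exp {
		return Claims{}, fmt.Errorf("claims unreadable or expired")
	}
	return c, nil
}

func Sign(key *ecdsa.PrivateKey, header, payload string) string { // builds constructed demo tokens
	in := b64.EncodeToString([]byte(header)) + "." + b64.EncodeToString([]byte(payload))
	sum := sha256.Sum256([]byte(in))
	r, s, _ := ecdsa.Sign(rand.Reader, key, sum[:])
	return in + "." + b64.EncodeToString(append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...))
}

func main() {
	tok := Sign(demoKey, `{"alg":"ES256"}`, `{"username":"admin","roles":["access","editor"],"exp":4102444800}`)
	fmt.Println(Verify("Bearer "+tok, &demoKey.PublicKey, time.Now()))
}
```

A token whose header says `none` or `HS256` is rejected before the signature is even considered, and a missing `exp` decodes to zero and is treated as expired.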