MCP Madness

Welcome to MCP Madness!

Please log in to access more features. If you testing on a fresh setup use richard@example.com.

About MCP Madness

MCP Madness is a proxy for FusionAuth to show off the capabilities of FusionAuth both as a MCP Server but also as the OAuth for any MCP Server. This app is firstly using NextAuth.js to handle the OAuth flow with FusionAuth. This allows users to log in with their FusionAuth credentials and manage their sessions securely. For the actual application you might want to use to setup your UI to call any of the MCP endpoints you want to use.

TODO: We will be adding more features to this app to show off the capabilities of FusionAuth as a MCP Server. Stay tuned!

Security

The MCP Tools used in this example allow for EVERYTHING to happen on your FusionAuth instance. I highly recommend reading the docs to understand how to set up your API keys and permissions to prevent this from being a security risk.

Endpoints

/mcp

This endpoint proxies requests to the MCP endpoints on your FusionAuth instance. It requires authentication and will return a 401 if the user is not logged in.

/.well-known/oauth-authorization-server

This endpoint proxies the MCP protected resource metadata from your FusionAuth instance. This is used by the MCP client to first get the meta data about the MCP server.

/register

This endpoint proxies the registration requests to your FusionAuth instance and creates an application. It then returns the client ID and client secret to the user. This is used by the MCP client to register itself with the MCP server.

/oauth2/authorize

This endpoint is directly on FusionAuth. It is used by the MCP client to initiate the OAuth flow and send the user to the FusionAuth instance to authorize the application. You can find more information about this endpoint in the FusionAuth OAuth docs. You will then get redirected back to the MCP client with an authorization code.

/oauth2/token

This endpoint is directly on FusionAuth. It is used by the MCP client to exchange the authorization code for an access token. You can find more information about this endpoint in the FusionAuth OAuth docs.

/[transport]

This route handles the transport layer for the MCP client. It is responsible for sending and receiving messages between the client and the server. You can find more information about this endpoint in the MCP docs. It is where the tools, prompts, and everything else is registered.

Testing

Running Next.js

Run the Next.js app locally with npm run dev and navigate to http://localhost:3000. You can then log in with your FusionAuth credentials and test the MCP endpoints.

Clients

MCP Inspector

To test the MCP server you can use the MCP Inspector.

Claud Desktop

{
  "mcpServers": {
    "fusionauth": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "http://localhost:3000/mcp"
      ]
    }
  }
}