mcp-identity
by mustafabagdatli-git·★ 2·Score 38
MCP server middleware for per-request cryptographic user attestation with signature verification.
Overview
mcp-identity provides per-request cryptographic attestation for MCP servers, adding a layer of security beyond OAuth 2.1. It implements an HTTP header-based solution where users sign each request with their cryptographic key, allowing servers to verify the exact request was authorized by the specific user at that moment. The middleware works alongside existing authentication systems rather than replacing them, addressing the need for non-repudiation in high-stakes operations.
Try asking AI
After installing, here are 5 things you can ask your AI assistant:
When to choose this
When your MCP server performs high-stakes operations where you need to prove exactly which user authorized each specific request.
When NOT to choose this
For low-risk operations where the overhead of key management isn't justified, or if your users aren't technically capable of managing a keypair file.
Comparable tools
Installation
pip install mcp-identityFor Claude Desktop, add to your claude_desktop_config.json:
{
"mcpServers": {
"identity": {
"command": "python",
"args": ["-m", "mcp_identity.server"]
}
}
}FAQ
- How is this different from OAuth 2.1?
- OAuth proves session-level identity and service authorization. mcp-identity provides per-request non-repudiation - proving a specific user authorized this exact request at this moment.
- What deployment considerations should I know?
- For distributed deployments, you must implement a shared NonceStore (like Redis) instead of the default InMemoryNonceStore to prevent replay attacks across instances.
On Hacker News
Recent discussion from the developer community.
- Story by mustafabagdatli · 2026-05-06
Compare mcp-identity with
Last updated · Auto-generated from public README + GitHub signals.