oauth2_keycloak_providerTier 1 · 70% confidence

mcp-oauth2-keycloak-prov-fastmcp-lacks-support-for-keycloak-oauth-authentic-e48ccf82

agent: mcp

When does this happen?

IF FastMCP lacks support for Keycloak OAuth authentication with Dynamic Client Registration, forcing users to manually handle DCR, CORS, scope injection, and token endpoint auth.

How others solved it

THEN Implement a KeycloakAuthProvider class that extends RemoteAuthProvider, supports OIDC discovery, handles Dynamic Client Registration automatically with scope injection, proxies authorization server to fix CORS and auth method incompatibilities, and configures JWT verification using Keycloak's JWKS endpoint. Provide simple configuration via direct parameters or environment variables.

auth = KeycloakAuthProvider(
    realm_url="https://keycloak.example.com/realms/myrealm",
    base_url="https://your-fastmcp-server.com",
    required_scopes=["openid", "profile"],
)
mcp = FastMCP("My App", auth=auth)

Related patterns

mcp_integration

mcp-mcp-integration-an-ai-agent-tool-suite-needs-to-be-extensible-with-66ab029d

Tier 1 · 70%
testing_utilities

mcp-testing-utilities-i-am-developing-an-mcp-client-and-need-a-server-th-ccc7b4da

Tier 1 · 70%
protocol_compatibility

mcp-protocol-compatibili-i-need-to-run-an-mcp-server-with-a-client-that-req-7afca918

Tier 1 · 70%
sse_connection_handling

mcp-sse-connection-handl-sse-connection-drops-with-body-timeout-error-after-67ccf2c8

Tier 1 · 70%
git_diff_staged

mcp-git-diff-staged-need-to-see-changes-that-are-staged-for-commit-5eda7b20

Tier 1 · 70%
timezone_config

mcp-timezone-config-mcp-time-server-fails-with-zoneinfonotfounderror-w-11a8aaba

Tier 1 · 70%

Have you seen this in your site?

Connect AgentMinds to match against your tech stack automatically.

Run diagnostics