Securing MCP Servers: Role-Based Tool Access with OAuth 2.0 and AWS Cognito
Welcome back to the channel! In today's video, we're building on our previous Azure Entra implementation and showing you how to secure your MCP server tools using AWS Cognito instead.
We'll walk through the complete process of setting up authentication and authorization for your MCP server, creating custom scopes, implementing policies in .NET, and testing everything with Postman. By the end of this tutorial, you'll be able to control access to your MCP tools based on which scopes are included in the access token.
📚 What You'll Learn
✅ How to set up AWS Cognito for machine-to-machine authentication
✅ Creating a resource server and custom scopes in Cognito
✅ Configuring app clients with the right permissions
✅ Implementing JWT Bearer authentication in .NET
✅ Creating custom authorization policies that validate Cognito scopes
✅ Handling the "default scope" behavior in AWS Cognito
✅ Testing with Postman using different scope combinations
✅ Complete working code example for MCP server security
🛠️ Prerequisites
An AWS account (free tier works fine)
Visual Studio / VS Code with .NET installed
Basic understanding of MCP servers (check the playlist link below)
Postman for testing API calls
📮 Postman Setup
Grant Type: Client Credentials
Access Token URL: https://your-domain.auth.region.amazoncognito.com/oauth2/token
Client ID: From your app client
Client Secret: From your app client
Scopes: Space-separated list (e.g., https://api.example.com/WeatherSecuredTools1 https://api.example.com/WeatherSecuredTools2)
🎯 Key Takeaways
✅ AWS Cognito returns ALL scopes when you omit the scope parameter
✅ Use a "default" scope to detect when no scopes were explicitly requested
✅ Scopes come as a space-separated string in the JWT token
✅ Custom authorization policies give you fine-grained control
✅ The same MCP server can support both public and secure tools
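One way to implement the default-scope check from the takeaways above, as an added example that is not code from the video. The scope name `https://api.example.com/default` and the `CognitoScopes` and `Demo` classes are assumptions, and the sample tokens are constructed.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class CognitoScopes
{
    // Assumed name of the extra "default" scope defined on the resource server.
    public const string DefaultScope = "https://api.example.com/default";

    // The granted scopes arrive as one space-separated "scope" claim.
    public static string[] Parse(ClaimsPrincipal user) =>
        user.FindAll("scope")
            .SelectMany(c => c.Value.Split(' ', StringSplitOptions.RemoveEmptyEntries))
            .Distinct(StringComparer.Ordinal)
            .ToArray();

    // True only when `required` is granted and the default scope is absent.
    // A token carrying the default scope is treated as one issued for a request
    // that omitted the scope parameter (Cognito then returns every scope
    // assigned to the app client), so it unlocks no secured tool.
    public static bool Allows(ClaimsPrincipal user, string required)
    {
        var granted = Parse(user);
        if (granted.Contains(DefaultScope, StringComparer.Ordinal)) return false;
        return granted.Contains(required, StringComparer.Ordinal);
    }
}

public static class Demo
{
    // Constructed principal standing in for an already validated access token.
    static ClaimsPrincipal Token(string scopeClaim) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim("scope", scopeClaim) }, "Bearer"));

    public static void Main()
    {
        const string t1 = "https://api.example.com/WeatherSecuredTools1";
        const string t2 = "https://api.example.com/WeatherSecuredTools2";

        var both = Token($"{t1} {t2}");                              // both scopes requested
        var one = Token(t1);                                         // single scope requested
        var omitted = Token($"{CognitoScopes.DefaultScope} {t1} {t2}"); // scope parameter omitted

        Console.WriteLine($"both    -> tool2: {CognitoScopes.Allows(both, t2)}");
        Console.WriteLine($"one     -> tool2: {CognitoScopes.Allows(one, t2)}");
        Console.WriteLine($"omitted -> tool1: {CognitoScopes.Allows(omitted, t1)}");
    }
}
```

In an ASP.NET Core app the same check can back a policy through `policy.RequireAssertion(ctx => CognitoScopes.Allows(ctx.User, scope))` inside `AddAuthorization`. A client that explicitly requests the default scope is denied as well, which keeps the check fail-closed.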
📖 Video Chapters
⏱️ 0:00 - Introduction & What We'll Build
⏱️ 1:30 - Quick Demo: Secure Tools in Action
⏱️ 3:15 - Setting Up AWS Cognito User Pool
⏱️ 5:40 - Creating App Client (M2M Application)
⏱️ 7:20 - Configuring Resource Server & Custom Scopes
⏱️ 10:15 - Assigning Scopes to App Client
⏱️ 12:00 - Getting Access Token URL & Credentials
⏱️ 14:30 - Testing Token in Postman & jwt.io
⏱️ 16:45 - Installing Required NuGet Packages
⏱️ 18:30 - Configuring Authentication in Program.cs
⏱️ 20:15 - Creating Custom Scope Validation Logic
⏱️ 23:40 - Implementing Authorization Policies
⏱️ 26:00 - Adding Authorize Attributes to Tools
⏱️ 28:15 - Testing: Both Scopes → Both Tools Available
⏱️ 30:30 - Testing: Single Scope → Single Tool Available
⏱️ 32:45 - Testing: No Scope → No Secure Tools (Default Scope Logic)
⏱️ 35:00 - Complete Code Review & Explanation
⏱️ 37:30 - AWS Cognito Configuration Recap
⏱️ 39:00 - Postman Setup Walkthrough
⏱️ 41:15 - Final Thoughts & Next Steps
Video "Securing MCP Servers: Role-Based Tool Access with OAuth 2.0 and AWS Cognito" from the channel Code & Cloud
Video information
March 2, 2026, 17:09:39
00:33:01