Last time, I dived into building a toy MCP service for a school library assistant, which helps you search for books, borrow copies, and return them. I quickly realized this wasn’t practical. Without authentication and authorization, the service was only useful for an administrator with full access.
What if we want to expose a real service? Security needs to be a first-class citizen.
An MCP service itself is not that mysterious. It’s essentially built on the HTTP protocol with an extra layer of protocol and formatting. We can leverage all the concepts used to secure HTTP services, such as TLS and OAuth. With the FastMCP framework we can extend authentication and authorization (authn/authz), just as we would in ordinary Python backend development.
This is a toy implementation, but I think it can demo the basic ideas for MCP service and LLM integration.
Code here: https://github.com/hxy9243/agents/tree/main/librarian
See the last blog post: https://blog.kevinhu.me/2025/08/09/Building-MCP-with-DSPy/
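
To make the "HTTP security concepts apply to MCP" point concrete, here is an added example (not code from the linked repository, and not the FastMCP API) that gates an MCP `tools/call` JSON-RPC request on a bearer token and a per-tool scope, so a patron who can search cannot borrow. The tool names, scope strings, secret and the HMAC-signed token format (a stand-in for an OAuth access token) are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed; a real service loads this from a secret store
# Hypothetical tool names and scopes for the library assistant.
TOOL_SCOPES = {"search_books": "books:read",
               "borrow_book": "books:borrow",
               "return_book": "books:borrow"}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(sub, scopes, ttl=300, now=None):
    """Mint a compact HMAC-SHA256 token (stand-in for an OAuth access token)."""
    now = time.time() if now is None else now
    body = _b64(json.dumps({"sub": sub, "scope": " ".join(scopes), "exp": now + ttl}).encode())
    return body + "." + _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def verify_token(token, now=None):
    """Return the claims, or None if the signature or expiry check fails."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        expected = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None
    return claims if claims.get("exp", 0) > now else None

def authorize(headers, rpc):
    """Decide on one MCP JSON-RPC request: returns (http_status, reason)."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    claims = verify_token(token) if scheme.lower() == "bearer" else None
    if claims is None:
        return 401, "missing or invalid bearer token"
    if rpc.get("method") != "tools/call":
        return 200, "no tool invoked"
    tool = rpc.get("params", {}).get("name")
    needed = TOOL_SCOPES.get(tool)  # unknown tools are denied by default
    if needed is None or needed not in claims.get("scope", "").split():
        return 403, f"{claims.get('sub')} may not call {tool}"
    return 200, "ok"
```

The check runs before the tool function is dispatched, so authentication failures map to 401 and scope failures to 403, the same as for any other HTTP backend.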