Agents · Security

MCP / A2A Auth Generator

Generate authentication configs for your MCP servers and A2A agents — secure tokens, HTTP headers, and ready-to-use snippets you can paste straight into the Inspector, the Validator, or your own code.

✓ Runs locally

Authentication type

Secret strength (random bytes)

Snippet target

ⓘ Secrets are generated with crypto.getRandomValues in your browser. Nothing is sent anywhere or stored — secrets live in memory only and are masked until you reveal them.

auth config — for the Inspector / Validator

{ "type": "none" }

HTTP headers — what the server receives

{}

Reveal is off — values are masked for screen-sharing. Copy & Download always emit the real secret.

Click Generate to build your snippets…

Snippets target the live Worker endpoints — paste them as-is, or swap the example server URLs for your own.

Drop these framework-free helpers into your own projects. Same API on both sides: generateAuthConfig(), authToHttpHeaders(), generateSecureToken().

JS auth-generator.jsBrowser global — exposes window.AuthGenerator ⇩ ⬡ auth-generator.node.jsNode.js ESM — import { generateAuthConfig } ⇩

Server sideSave the same secret on your server: export MCP_BEARER_TOKEN=… / export A2A_BEARER_TOKEN=… — grab the line from the .env snippet.

MCP InspectorOpen the MCP Server Inspector, pick the same auth type, and paste the generated secret.

A2A ValidatorOpen the A2A Agent Validator and validate a protected agent card with the same credential.

ProductionRandom Bearer tokens are great for demos. For multi-user systems, graduate to short-lived JWTs or OAuth 2.1 / OIDC with scoped tokens.

MCP / A2A Auth Generator

⚙ Configuration

{ } Generated config

</> Reusable snippets

⇩ Reusable libraries

→ Use it with the tools