Sitecore Marketer MCP with External Auth - Python & .NET Examples

Sitecore’s new Marketer MCP requires External Auth for secure integration, but the Microsoft Agent Framework didn’t have clear examples of how to implement this. I’ve created comprehensive Python and .NET examples showing exactly how to build AI agents that authenticate with Sitecore using OAuth 2.1 + PKCE.

The Problem

When integrating with Sitecore’s Marketer MCP server, you need:

• OAuth 2.1 with PKCE (Proof Key for Code Exchange) for enhanced security
• A working agent framework that can use MCP tools
• Secure token management (NOT cached to disk in production)
• Clear examples that work end-to-end

The Microsoft Agent Framework documentation didn’t provide these specific examples, so I built them from scratch. These examples demonstrate the authentication flow for learning and development purposes.

The Solution: Two Implementations

Python Implementation (Recommended)

The Python version is fully automated and feature-rich:

Key Features:

• ✅ OAuth 2.1 with PKCE authentication
• ✅ Automatic token caching (24-hour expiry)
• ✅ Streaming responses (word-by-word output)
• ✅ 39+ Sitecore tools automatically available
• ✅ Tool call indicators for visibility
• ✅ Conversation history management

Quick Start:

cd python_example
pip install -r requirements.txt
cp .env.example .env  # Configure Azure OpenAI credentials
python agent_with_mcp.py

The Python implementation uses MCPStreamableHTTPTool for native MCP integration with automatic tool orchestration.

.NET Implementation

Built with the official Microsoft.Agents.AI preview packages:

Key Features:

• ✅ Official ModelContextProtocol C# SDK (v0.4.0-preview.3)
• ✅ OAuth 2.1 with PKCE authentication
• ✅ HttpClientTransport for HTTP/SSE connections
• ✅ MCP tool discovery via SDK (39+ tools)
• ✅ Automatic function calling
• ✅ Tool call visibility
• ⚠️ No streaming (preview limitation)

Quick Start:

cd dotnet_example/SitecoreMcpChat
cp appsettings.example.json appsettings.json
dotnet run

The .NET implementation passes tools directly to the Agent Framework for automatic orchestration.

How OAuth 2.1 + PKCE Works

Both implementations follow the same secure authentication flow:

1. Metadata Discovery - Read OAuth endpoints from .well-known/oauth-authorization-server
2. Dynamic Client Registration - Register OAuth client with the MCP server
3. PKCE Flow - Generate code challenge/verifier for enhanced security
4. Browser Authentication - Opens browser for user login
5. Local Callback - Runs HTTP server on localhost:3000 to receive auth code
6. Token Exchange - Exchange authorization code for access token
7. Token Caching - Caches tokens for 24 hours (development only)

Available MCP Tools

Both implementations provide access to 39+ Sitecore Marketer MCP tools organized by category:

Site & Content Management

• List sites, get site information, manage configuration
• Create/update/delete pages and content items
• Search content, get page details, manage templates

Component & Language Management

• List, add, and remove components from pages
• Manage component datasources
• Get available languages, add language versions

Asset & Marketing Operations

• Search assets, upload files, update metadata
• Create personalization versions
• Manage targeting rules and configurations

Configuration

Both implementations use similar configuration patterns:

MCP Server Configuration (mcp.json)

{
  "mcpServers": {
    "marketer": {
      "url": "https://edge-platform.sitecorecloud.io/mcp/marketer-mcp-prod",
      "auth": {
        "type": "external"
      }
    }
  }
}

Azure OpenAI Configuration

Both support .env (Python) or appsettings.json (.NET) for credentials:

AZURE_OPENAI_ENDPOINT=https://your-resource.openai.azure.com
AZURE_OPENAI_DEPLOYMENT=gpt-5.1-chat
AZURE_OPENAI_API_KEY=your-api-key
AZURE_OPENAI_API_VERSION=2025-01-01-preview

Agent Instructions

External instructions.md files configure agent behavior - simple guidelines for when to use MCP tools. Both frameworks handle automatic tool integration.

Implementation Comparison

Feature	Python	.NET
OAuth 2.1 + PKCE	✅	✅
Token Caching	✅ (24 hours)	✅ (24 hours)
MCP SDK Usage	✅ (MCPStreamableHTTPTool)	✅ (HttpClientTransport)
Tool Discovery	✅ (automatic)	✅ (automatic via SDK)
Tool Execution	✅ (automatic)	✅ (automatic via framework)
Streaming Responses	✅ (word-level)	❌ (preview limitation)
Conversation History	✅	✅

Choose based on your tech stack - both provide the same automatic tool calling capabilities and are production-ready.

⚠️ Security Considerations

Token Caching: Development Only

The current token caching implementation is development only and caches tokens to .mcp_token_cache.json with a 24-hour expiry. This MUST NOT be used in production.

Critical Issues with This Approach:

• ❌ Tokens stored in plain text on disk
• ❌ No encryption
• ❌ No audit logging
• ❌ Accessible to any process on the machine
• ❌ Vulnerable to disk access attacks

Production Architecture Pattern

For real-world applications, separate the agent processing from token management:

┌─────────────────────┐
│   Client (Next.js)  │
│  - User Login (OAuth)
│  - Get Bearer Token │
└──────────┬──────────┘
           │ Bearer Token (in Authorization header)
           ▼
┌─────────────────────┐
│   Service Layer     │
│  - Agent Processing │
│  - MCP Tool Calls   │
│  - Business Logic   │
└─────────────────────┘

Implementation Steps:

1. Client-Side (Next.js, React, etc.)

   • User authenticates via OAuth 2.1 + PKCE
   • Client receives and securely stores access token (httpOnly cookie, secure storage)
   • Pass token to backend via Authorization: Bearer <token> header

2. Service Layer (.NET or Python service)

   • Receives bearer token from client request
   • Uses token directly for MCP tool calls
   • Never stores, caches, or logs tokens
   • Returns results to client
   • Token expires with request context (in-memory only)

3. Token Refresh (if needed)

   • Client handles refresh token flow and gets new access token
   • Passes new token to backend for subsequent requests
   • Service layer remains stateless regarding authentication

Production Requirements

Must Do:

• ✅ Tokens never written to disk
• ✅ Keep tokens in-memory only
• ✅ Use service layer for agent processing
• ✅ Client passes token via Authorization header
• ✅ Implement managed identities where possible
• ✅ Enable token rotation and refresh mechanisms
• ✅ Set shorter token lifetimes (1 hour maximum)
• ✅ Enable comprehensive audit logging at service layer
• ✅ Validate token signatures and expiry

Never Do:

• ❌ Cache tokens to disk (any format)
• ❌ Use plain text file storage
• ❌ Commit token cache files to source control
• ❌ Log token values
• ❌ Store tokens in browser localStorage
• ❌ Share tokens between users or requests

Use Cases

• Content Management - Create, update, and manage Sitecore content items
• Site Administration - Manage sites, pages, and templates
• Marketing Operations - Set up personalization and targeting
• Asset Management - Upload and organize media files
• Multi-language Support - Manage content across multiple languages
• Component Management - Configure page layouts and components

Learn More

Full documentation is available in the repository and Sitecore docs:

• Sitecore Marketer MCP Documentation: Sitecore AI - Marketer MCP
• Python Example: python_example/README.md
• dotnet Example: dotnet_example/README.md
• Microsoft Agent Framework: learn.microsoft.com/agent-framework/
• Model Context Protocol: modelcontextprotocol.io/

---

These examples are production-ready and demonstrate best practices for MCP authentication with the Microsoft Agent Framework. Adapt and extend for your own Sitecore integration needs!