Back office ops · Production

BrainGrid solves MCP multi-tenant authentication with Redis session caching and WorkOS OAuth

The problem

MCP servers that work locally fail under multi-tenant serverless deployments because serverless platforms have no session persistence, forcing customers to re-authenticate on every new instance. Without shared session state, each JWT validation adds significant latency per request.

First attempt

Storing sessions in an in-memory Map fails in serverless environments because each new instance starts with empty state. Full JWT validation on every request without a shared cache adds 50-100ms per request and increases costs significantly.

Workflow diagram · grounded in source
1
Request with bearer token
trigger
“// Extract bearer token”
2
Fast-path JWT decode
validation
“// Fast path: Try to decode JWT for userId”
3
Redis session cache lookup
integration
“// Try cache if we have a userId”
4
Full JWT validation via WorkOS JWKS
validation
“Cache miss, performing JWT validation”
5
Encrypted session stored in Redis
output
“// Store for next time”
Reported outcome

BrainGrid's MCP server now authenticates once and works across all serverless instances by using an encrypted Redis session store and a fast-path/slow-path authentication middleware, serving hundreds of developers in production.

Reported metrics
JWT validation overhead per request (naive approach)50-100ms
User scale supportedScales from 1 to 1000 users
Operational costCosts pennies to run
Production users servedhundreds of developers
Reported stack
FastMCPWorkOSRedisioredisjosepinoDataDognode-dogstatsd
Source
https://www.braingrid.ai/blog/how-we-solved-mcp-authentication
Read source ↗

Frequently asked questions

What did this team achieve with this AI workflow?

BrainGrid's MCP server now authenticates once and works across all serverless instances by using an encrypted Redis session store and a fast-path/slow-path authentication middleware, serving hundreds of developers in…

What tools did this team use?

FastMCP, WorkOS, Redis, ioredis, jose, pino, DataDog, node-dogstatsd.

What results were reported?

JWT validation overhead per request (naive approach): 50-100ms; User scale supported: Scales from 1 to 1000 users; Operational cost: Costs pennies to run; Production users served: hundreds of developers (source-reported, not independently verified).

What failed first in this deployment?

Storing sessions in an in-memory Map fails in serverless environments because each new instance starts with empty state.

How is this back office ops AI workflow structured?

Request with bearer token → Fast-path JWT decode → Redis session cache lookup → Full JWT validation via WorkOS JWKS → Encrypted session stored in Redis.