mcp-server-oauth2
Verified Safe by Diags
Overview
A complete microservices architecture for Model Context Protocol (MCP) with OAuth2 security, built on Spring Boot 3.4.0 and Spring AI 1.0.1.
Installation
No command provided
Environment Variables
- OPENAI_API_KEY
- SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI
- SPRING_DATASOURCE_URL
- SPRING_DATASOURCE_USERNAME
- SPRING_DATASOURCE_PASSWORD
- SPRING_VECTOR_DATASOURCE_URL
- SPRING_VECTOR_DATASOURCE_USERNAME
- SPRING_VECTOR_DATASOURCE_PASSWORD
- SPRING_MINIO_URL
- SPRING_MINIO_ACCESS_KEY
- SPRING_MINIO_SECRET_KEY
- SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_AUTHSERVER_ISSUER_URI
- SPRING_AI_MCP_CLIENT_STREAMABLE_HTTP_CONNECTIONS_MATH_SERVER_URL
- REDIS_HOST
- REDIS_PORT
- KEYCLOAK_JWK_SET_URI
- SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_KEYCLOAK_ISSUER_URI
- KEYCLOAK_ADMIN
- KEYCLOAK_ADMIN_PASSWORD
Security Notes
Multiple critical security risks are present for production environments. Hardcoded credentials for Keycloak (admin/admin), MinIO (minioadmin/minioadmin123), PostgreSQL (meta/metapass, vector/vectorpass), and the OAuth2 client secret ('secret') are found in `docker-compose.yml`, `keycloak/realm-config.json`, and initialization scripts. Additionally, SSL certificate verification is explicitly disabled across `mcp-server`, `mcp-client`, and `gateway-server` for development convenience with self-signed certificates. While these are documented as development-only practices, they represent significant vulnerabilities if deployed without modification. CSRF protection is disabled for API services, which is common with JWTs but should be noted. Fine-grained authorization with `@PreAuthorize` is a positive aspect for internal access control.
Similar Servers
example-remote-server
A reference server demonstrating all Model Context Protocol (MCP) features and OAuth 2.0 authentication patterns.
spring-boot-ai
A Spring Boot application implementing a Model Context Protocol (MCP) server that provides a remote 'Booking Tool' for an AI agent.
oauth2-authorization-server
An OAuth2 Authorization Server managing user authentication, user data, PostgreSQL to Oracle database migration/scripting, AI chat with various models, file storage, and Excel processing.
springai-mcp-gateway
An OAuth 2.1 secured Spring AI MCP gateway enabling ChatGPT Connectors to interact with local development tools via a streamable HTTP endpoint.