hono-oauth-mcp
Verified Safe
by IntranetFactory
Overview
A Hono-based MCP (Model Context Protocol) server for AI models that integrates with any MCP-compliant OAuth2 server for authentication.
Installation
deno run --allow-net --allow-env --watch src/index.deno.ts
Environment Variables
- AUTH_SERVER_URL
- SUPABASE_URL
Security Notes
The server's `bearerAuth` middleware explicitly delegates token verification to a downstream service (e.g., PostgREST), only checking if the token string is non-empty (`!!token`). For Supabase deployments, `verify_jwt = false` is configured, meaning Supabase itself will not validate the JWT. This design choice makes the security of this server entirely dependent on the correct configuration and enforcement of token validation by an *external* authorization service. If deployed without such a service, or if the external service is misconfigured or bypassed, any non-empty bearer token will be accepted, posing a significant security risk.
Similar Servers
mcp-openapi-server
A Model Context Protocol (MCP) server that exposes OpenAPI endpoints as MCP tools, along with optional support for MCP prompts and resources, enabling Large Language Models to interact with REST APIs.
example-remote-server
A reference server demonstrating all Model Context Protocol (MCP) features and OAuth 2.0 authentication patterns.
mcp-tools
Provides a TypeScript library to simplify building Model Context Protocol (MCP) clients and servers, enabling AI applications to securely access private user data through OAuth-based authentication flows.
mcp-typescript-simple
Production-ready MCP (Model Context Protocol) server with dual-mode operation (STDIO & HTTP), multi-LLM integration, and OAuth authentication, designed for horizontal scalability and comprehensive observability.