hono-oauth-mcp
Verified Safeby IntranetFactory
Overview
A Hono-based Model Context Protocol (MCP) server that integrates with any MCP-compliant OAuth2 server for authentication, deployable across Supabase Edge Functions, Cloudflare Workers, and Deno Deploy.
Installation
deno task devEnvironment Variables
- AUTH_SERVER_URL
- SUPABASE_URL
Security Notes
The server's bearer token verification (`verifyToken: (token: string) => { return !!token; }`) only checks for the presence of a token, not its validity. This design relies on a downstream service (e.g., Supabase PostgREST) or the OAuth client's interaction with the authorization server to perform actual JWT validation. For Supabase Edge Functions, `verify_jwt = false` is explicitly set, confirming this delegated security model. The `cors` configuration is permissive (`origin: (origin) => origin`), which may need tightening in production environments depending on direct browser access requirements. No 'eval', hardcoded secrets, or malicious patterns were found in the provided source code.
Similar Servers
mcp-openapi-server
A Model Context Protocol (MCP) server that exposes OpenAPI endpoints as MCP tools, along with optional support for MCP prompts and resources, enabling Large Language Models to interact with REST APIs.
example-remote-server
A reference server demonstrating all Model Context Protocol (MCP) features and OAuth 2.0 authentication patterns.
mcp-tools
Provides a TypeScript library to simplify building Model Context Protocol (MCP) clients and servers, enabling AI applications to securely access private user data through OAuth-based authentication flows.
mcp-typescript-simple
Production-ready MCP (Model Context Protocol) server with dual-mode operation (STDIO & HTTP), multi-LLM integration, and OAuth authentication, designed for horizontal scalability and comprehensive observability.