paymcp-subscription-demo-py
Verified Safe
by PayMCP
Overview
A sample Model Context Protocol (MCP) server demonstrating how to gate access to tools behind active Stripe subscriptions with OAuth/OIDC authentication.
Installation
pdm run server.py
Environment Variables
- HOST
- PORT
- OIDC_ISSUER
- AUTH_HOST
- AUTH_PORT
- AUTH_REALM
- OAUTH_CLIENT_ID
- OAUTH_CLIENT_SECRET
- STRIPE_SECRET_KEY
- STRIPE_SUBSCRIPTION_ID
Security Notes
The server uses `os.getenv` for all sensitive configuration values, preventing hardcoded secrets. OAuth/OIDC token verification is implemented using standard JWT decoding and JWKS fetching. Custom logic for issuer and audience validation correctly handles variations from different providers (Auth0, Keycloak, generic OIDC), including array audiences and trailing slash inconsistencies. No 'eval' or malicious patterns were found. The primary risk would be misconfiguration of the OAuth provider or Stripe details, which is external to the code.