mcp-server--HTTP-API-integrated-with-windsurf
Verified Safeby VIGNESH-2232005
Overview
Manages employee data via an HTTP API, secured with Google OAuth, and integrated as an MCP server for AI agents.
Installation
npm startEnvironment Variables
- GOOGLE_CLIENT_ID
- GOOGLE_CLIENT_SECRET
- PORT
Security Notes
Google Client ID and Secret are loaded from environment variables, which is good practice. The server saves the Google ID token to a local '.token' file; this file should have strict permissions to prevent unauthorized access. The `src/bridge.js` (used for Windsurf integration) immediately calls `logout()` after *every* successful tool execution or resource access, which deletes the local token file. This design forces re-authentication via a browser for every single subsequent interaction, making the session extremely ephemeral and enhancing security by limiting token lifetime, but at a significant cost to usability.
Similar Servers
example-remote-server
A reference server demonstrating all Model Context Protocol (MCP) features and OAuth 2.0 authentication patterns.
mcp-tools
Provides a TypeScript library to simplify building Model Context Protocol (MCP) clients and servers, enabling AI applications to securely access private user data through OAuth-based authentication flows.
stateful-auth-for-mcp-servers
Integrates Google Gmail and Calendar APIs to enable an AI agent to read emails and manage calendar events with stateful authorization for event deletions.
mcp_server-with-google-OAuth
This server provides tools for managing employee records (list, add, update, delete) and integrates Google OAuth for authentication, making its functionalities accessible via the Model Context Protocol.