mcpkit
Verified Safeby agentplexus
Overview
A toolkit for building MCP (Model Context Protocol) applications and servers in Go, supporting both direct in-process function calls (library mode) and standard MCP transports (server mode) with OAuth 2.1 authentication.
Installation
go run main.goEnvironment Variables
- NGROK_AUTHTOKEN
Security Notes
The project implements OAuth 2.1 with PKCE, Dynamic Client Registration (DCR), and Protected Resource Metadata (RFC 9728, 8414, 7591, 7636). It utilizes cryptographically secure token generation (`crypto/rand`) and constant-time comparisons (`crypto/subtle`) for sensitive operations. A critical open URL redirect vulnerability (CWE-601) in the `isValidRedirectURI` function was identified and promptly fixed in v0.3.1, demonstrating a proactive approach to security. The `oauth2.Config` allows for basic authentication via a `Users` map, which requires careful management of credentials by the implementer, though a custom `Authenticator` can be provided for more robust solutions. `ngrok` integration requires a securely managed `NGROK_AUTHTOKEN`.
Similar Servers
mcp-k8s-go
This MCP server enables interaction with Kubernetes clusters to list, get, apply, and execute commands on various resources through a conversational interface.
rust-mcp-sdk
A high-performance, asynchronous Rust SDK for building Model Context Protocol (MCP) servers and clients, supporting various transports and authentication methods.
k8s-mcp-server
Interacting with Kubernetes clusters and Helm releases through a standardized Model Context Protocol (MCP) interface.
oauth-mcp-proxy
OAuth 2.1 authentication library for Go MCP servers, supporting both mark3labs and official SDKs for token validation and caching.