mcp-compose
Verified Safe
by datalayer
Overview
This server provides a robust example of OAuth2 authentication for MCP (Model Context Protocol) servers, using GitHub as the identity provider. It demonstrates secure multi-server management, protocol translation, and integration with AI agents for tool invocation.
Installation
make start
Environment Variables
- ANTHROPIC_API_KEY
- JWT_SIGN_KEY
Security Notes
The project demonstrates good security practices such as PKCE, state parameter for CSRF protection, resource indicators for token binding, and token validation for every request. Bearer tokens are correctly used in headers. However, for development, a JWT signing key is hardcoded ('dev_sign_key_change_in_production') and CORS allows all origins ('*'), which should be updated for production environments. SSL verification is also optionally bypassed for localhost development. These are explicitly noted in the code and documentation as development-specific or TODOs for production.
Similar Servers
mcphub
An orchestration hub that aggregates, manages, and routes Model Context Protocol (MCP) servers and their tools, providing a centralized interface, user management, OAuth 2.0 authorization server capabilities, and AI-powered tool discovery and routing.
mcpm.sh
MCPM is a command-line tool for managing Model Context Protocol (MCP) servers, enabling discovery, installation, execution, sharing, and integration with various MCP clients.
tmcp
A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.
1xn-vmcp
An open-source platform for composing, customizing, and extending multiple Model Context Protocol (MCP) servers into a single logical, virtual MCP server, enabling fine-grained context engineering for AI workflows and agents.