MCP-OAuth-Compliance
Verified Safe by gazzadownunder
Overview
A web-based tool for testing MCP server OAuth compliance with various RFCs (9728, 8414, 7591, 9068, 7519, 7515), OAuth 2.1, and the MCP 2025-11-25 specification.
Installation
npx github:gazzadownunder/mcp-oauth-compliance
Security Notes
The project is a compliance tester, which inherently requires some flexibility regarding security checks (e.g., allowing self-signed certificates by default for testing). This behavior is well-documented, generates warnings, and can be overridden for strict enforcement. There are no indications of 'eval', obfuscation, hardcoded secrets (user-provided secrets are expected for the systems being tested), or other malicious patterns. Network risks related to HTTP connections to non-localhost servers are mitigated by requiring an explicit configuration option ('allowHttpMcpConnection'). Overall, it appears safe for its intended purpose of testing compliance.
Similar Servers
agent-identity-management
A production-ready identity verification and security platform for AI agents and Model Context Protocol (MCP) servers, providing cryptographic identity, access control, and real-time threat detection.
oauth-mcp-proxy
OAuth 2.1 authentication library for Go MCP servers, supporting both mark3labs and official SDKs for token validation and caching.
oauth2-authorization-server
An OAuth2 Authorization Server managing user authentication, user data, PostgreSQL to Oracle database migration/scripting, AI chat with various models, file storage, and Excel processing.
mcp-s-oauth
Universal OAuth middleware for MCP (Model Context Protocol) servers, enabling authentication with various OAuth providers.