mcp-oauth-mcpserver-blueprint
by huberp
Overview
MCP server with OAuth 2.1 authentication for secure GitHub API access, designed to run locally in MCP hosts like Visual Studio Code.
Installation
docker-compose up
Environment Variables
- OAUTH_CLIENT_ID
- OAUTH_CLIENT_SECRET
- OAUTH_AUTHORIZATION_URL
- OAUTH_TOKEN_URL
- OAUTH_SCOPES
- API_BASE_URL
- API_TIMEOUT
- SERVER_NAME
- SERVER_VERSION
- LOG_LEVEL
- SERVER_HOST
- SERVER_PORT
- SERVER_PATH
- OAUTH_REDIRECT_URI
- ENVIRONMENT
- DEBUG
- OAUTH_ISSUER
- OAUTH_GRANT_TYPES_SUPPORTED
- OAUTH_CODE_CHALLENGE_METHODS_SUPPORTED
- OAUTH_RESPONSE_TYPES_SUPPORTED
- OAUTH_TOKEN_ENDPOINT_AUTH_METHODS
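The list above gives the variable names only. The following added example (written for this page, not code from the project) shows how a server reading those variables would validate them and drive an OAuth 2.1 authorization-code flow with PKCE: it refuses a configuration that does not offer the S256 challenge method, refuses non-HTTPS endpoints unless ENVIRONMENT is "development", builds the authorization URL with a per-session code_verifier and state, and rejects a callback whose state does not match. The sample values are constructed: GitHub's authorize and token endpoints are real, while the client id, redirect URI and scopes are placeholders, and the "development" environment name is an assumption about how ENVIRONMENT is used.

```python
import base64
import hashlib
import secrets
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlparse


@dataclass(frozen=True)
class OAuthConfig:
    client_id: str
    authorization_url: str
    token_url: str
    redirect_uri: str
    issuer: str
    scopes: str
    code_challenge_methods: tuple
    environment: str


def load_config(env):
    """Build an OAuthConfig from the OAUTH_*/ENVIRONMENT variables and reject unsafe combinations."""
    methods = tuple(
        m.strip()
        for m in env.get("OAUTH_CODE_CHALLENGE_METHODS_SUPPORTED", "S256").split(",")
        if m.strip()
    )
    cfg = OAuthConfig(
        client_id=env["OAUTH_CLIENT_ID"],
        authorization_url=env["OAUTH_AUTHORIZATION_URL"],
        token_url=env["OAUTH_TOKEN_URL"],
        redirect_uri=env["OAUTH_REDIRECT_URI"],
        issuer=env["OAUTH_ISSUER"],
        scopes=env.get("OAUTH_SCOPES", ""),
        code_challenge_methods=methods,
        environment=env.get("ENVIRONMENT", "production"),
    )
    if "S256" not in cfg.code_challenge_methods:
        raise ValueError("OAuth 2.1 requires PKCE with the S256 method")
    if cfg.environment != "development":  # assumption: "development" is the local-dev value
        for name, url in (
            ("OAUTH_AUTHORIZATION_URL", cfg.authorization_url),
            ("OAUTH_TOKEN_URL", cfg.token_url),
            ("OAUTH_ISSUER", cfg.issuer),
        ):
            if urlparse(url).scheme != "https":
                raise ValueError(f"{name} must be https outside development: {url}")
    return cfg


def pkce_challenge(verifier):
    """S256 challenge: BASE64URL(SHA-256(verifier)) without '=' padding (RFC 7636)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def new_verifier():
    """43-character base64url verifier from 32 random bytes (RFC 7636 minimum length)."""
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")


def build_authorization_request(cfg, verifier=None, state=None):
    """Return (url, verifier, state); verifier and state must be stored server-side per session."""
    verifier = verifier or new_verifier()
    state = state or secrets.token_urlsafe(32)
    params = {
        "response_type": "code",
        "client_id": cfg.client_id,
        "redirect_uri": cfg.redirect_uri,
        "scope": cfg.scopes,
        "state": state,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return f"{cfg.authorization_url}?{urlencode(params)}", verifier, state


def parse_callback(redirect_url, expected_state):
    """Extract the authorization code, refusing a callback whose state does not match."""
    query = parse_qs(urlparse(redirect_url).query)
    state = query.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: possible CSRF or replayed callback")
    if "error" in query:
        raise ValueError(f"authorization server returned error: {query['error'][0]}")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code


# Constructed sample configuration, not the project's defaults.
SAMPLE_ENV = {
    "OAUTH_CLIENT_ID": "Iv1.example-client-id",            # placeholder
    "OAUTH_AUTHORIZATION_URL": "https://github.com/login/oauth/authorize",
    "OAUTH_TOKEN_URL": "https://github.com/login/oauth/access_token",
    "OAUTH_ISSUER": "https://github.com",
    "OAUTH_REDIRECT_URI": "http://127.0.0.1:8000/oauth/callback",  # placeholder
    "OAUTH_SCOPES": "read:user repo",                       # placeholder
    "OAUTH_CODE_CHALLENGE_METHODS_SUPPORTED": "S256",
    "ENVIRONMENT": "production",
}

if __name__ == "__main__":
    cfg = load_config(SAMPLE_ENV)
    url, verifier, state = build_authorization_request(cfg)
    print(url)
```

The redirect URI stays on loopback HTTP because that is the MCP host-local use case; every endpoint the client secret or tokens are sent to is forced to HTTPS in non-development environments.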
Security Notes
The current implementation has weaknesses that make it unsafe for production or externally reachable deployment:
- OAuth sessions are stored in memory: they are lost on restart, the server cannot scale horizontally, and the store offers no protection against session fixation or hijacking.
- There is no robust server-side validation of token expiry and no automated refresh.
- There is no rate limiting.
- The default HTTP transport is unencrypted. OAuth tokens cross the wire in the clear and are exposed to man-in-the-middle attacks unless the server sits behind a reverse proxy that terminates HTTPS; the project documentation explicitly warns about this.
- Input validation does not cover all tool parameters, and there is no audit logging.
- Some code paths catch exceptions generically.
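Two of the gaps above, token expiry validation with refresh and per-session rate limiting, are small enough to show in working code. The example below is added for this page and is not the project's code; the `refresh` callback is a hypothetical stand-in for the part that would exchange a refresh token at OAUTH_TOKEN_URL, since the page does not describe the server's token client, and the session dictionary and the 60-second clock-skew margin are assumptions. Tokens are checked against an absolute expiry time so that a token about to expire is refreshed before it is sent upstream, a dead token without a refresh token forces re-authentication, and a sliding window caps how many tool calls a session may make.

```python
import time
from collections import deque
from dataclasses import dataclass
from threading import Lock


@dataclass
class StoredToken:
    access_token: str
    expires_at: float               # absolute unix time, fixed when the token was issued
    refresh_token: "str | None" = None


class TokenExpiredError(Exception):
    """The session's token is dead and cannot be refreshed."""


def token_state(tok, now, skew=60.0):
    """'valid' if the token outlives now+skew, 'refresh' if a refresh token exists, else 'expired'."""
    if now + skew < tok.expires_at:
        return "valid"
    return "refresh" if tok.refresh_token else "expired"


def get_usable_token(tok, refresh, now=None, skew=60.0):
    """Return a token safe to send upstream, refreshing first when it is about to expire.

    `refresh` is a hypothetical callback (not described on the page) that exchanges a
    refresh token at OAUTH_TOKEN_URL and returns a new StoredToken.
    """
    now = time.time() if now is None else now
    state = token_state(tok, now, skew)
    if state == "valid":
        return tok
    if state == "refresh":
        new = refresh(tok.refresh_token)
        if token_state(new, now, skew) != "valid":
            raise TokenExpiredError("refresh returned an already-expired token")
        return new
    raise TokenExpiredError("token expired and no refresh token is available")


class SlidingWindowLimiter:
    """Per-key limiter: at most `limit` calls in any `window` seconds."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self._hits = {}             # key -> deque of call timestamps inside the window
        self._lock = Lock()

    def allow(self, key, now=None):
        now = time.time() if now is None else now
        with self._lock:
            q = self._hits.setdefault(key, deque())
            while q and q[0] <= now - self.window:   # drop hits that left the window
                q.popleft()
            if len(q) >= self.limit:
                return False
            q.append(now)
            return True


def handle_tool_call(session, limiter, refresh, now=None):
    """Gate one tool call: rate-limit the session, then make sure its token is live.

    `session` is an assumed dict with "id" and "token" keys; returns "ok",
    "rate_limited" or "reauthenticate" so the caller can map it to an MCP error.
    """
    if not limiter.allow(session["id"], now):
        return "rate_limited"
    try:
        session["token"] = get_usable_token(session["token"], refresh, now)
    except TokenExpiredError:
        return "reauthenticate"
    return "ok"
```

The limiter is keyed by session id, so a single misbehaving host session cannot exhaust the upstream GitHub API quota for everyone; the token check is done on every call rather than once at login, which is what "server-side expiry validation" means in practice.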
Similar Servers
fastapi_mcp
Automatically converts FastAPI endpoints into Model Context Protocol (MCP) tools for seamless integration with LLM agents.
mcpo
Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers.
mcp-context-forge
Converts web content (HTML, PDF, DOCX, etc.) and local files from a URL into high-quality Markdown format. It supports multiple conversion engines, content optimization, batch processing, and image handling.
SageMCP
A scalable platform for hosting MCP servers with multi-tenant support, OAuth integration, and connector plugins for various services, deployed on Kubernetes.