spotify-streamable-mcp-server
Verified Safe by iceener
Overview
Provides an LLM-friendly interface to control Spotify playback, search music, and manage playlists/saved songs, enabling voice control and smart-home automations.
Installation
bun start
Environment Variables
- SPOTIFY_CLIENT_ID
- SPOTIFY_CLIENT_SECRET
- OAUTH_SCOPES
- OAUTH_REDIRECT_URI
- OAUTH_REDIRECT_ALLOWLIST
- RS_TOKENS_ENC_KEY
Security Notes
The core OAuth 2.1 PKCE implementation and encrypted token storage (for Node.js/Bun file system and Cloudflare Workers KV) are well-engineered. Rate limiting and concurrency control are present. However, the `isAllowedOrigin` function in `src/shared/mcp/security.ts` defaults to allowing *any origin* in production, which is a significant vulnerability if deployed publicly without customization. The default permissive CORS (`*`) also requires hardening for production. The README provides a clear warning about hardening for remote deployment, but the default implementation is insecure for public-facing use.
Similar Servers
spotify-mcp-server
Enables AI assistants to control Spotify playback and manage playlists via the Model Context Protocol (MCP).
discogs-mcp-server
MCP Server for the Discogs API, enabling music catalog operations, search functionality, and more.
tuisic
A terminal-based online music streaming application that provides an MCP (Model Context Protocol) server for AI integration, allowing AI clients to control music playback and search.
youtube-music-mcp-server
Full-featured MCP server for YouTube Music to search, manage playlists, and create smart recommendations through AI assistants.