mcp-server-remote
Verified Safeby kym6464
Overview
A remote Model Context Protocol (MCP) server demonstrating Google OAuth as an identity provider for authentication and serving basic AI tools and resources over Streamable HTTP.
Installation
pnpm run devEnvironment Variables
- GOOGLE_CLIENT_ID
- GOOGLE_CLIENT_SECRET
- MCP_PORT
- MCP_AUTH_PORT
- DISABLE_AUTH
Security Notes
The server implements OAuth 2.0 flows using Google's official client library, ensuring standard and secure authentication practices. Sensitive credentials (Google Client ID/Secret) are correctly externalized via environment variables, preventing hardcoding. The in-memory client store for Dynamic Client Registration (DCR) is acceptable for a demonstration, but a production environment would require a persistent store. The use of a wildcard `*` for the CORS `origin` header is common for demos but should be restricted to specific trusted domains in a production setup to mitigate potential cross-site scripting (XSS) risks. No 'eval' or other malicious patterns, or obfuscation were found in the provided source code.
Similar Servers
boilerplate-mcp-server
Provides a production-ready foundation for developing custom Model Context Protocol (MCP) servers in TypeScript to connect AI assistants with external APIs and data sources, exemplified by an IP geolocation tool.
example-remote-server
A reference server demonstrating all Model Context Protocol (MCP) features and OAuth 2.0 authentication patterns.
oauth-mcp-proxy
OAuth 2.1 authentication library for Go MCP servers, supporting both mark3labs and official SDKs for token validation and caching.
mcp-server-playground
A playground and reference implementation for a Model Context Protocol (MCP) server, featuring streamable HTTP transport, OAuth proxy for third-party authorization servers like Auth0, and stateful session management.