example-remote-server
Verified Safeby modelcontextprotocol
Overview
A reference server demonstrating all Model Context Protocol (MCP) features and OAuth 2.0 authentication patterns.
Installation
npm run dev:internalEnvironment Variables
- AUTH_MODE
- AUTH_SERVER_URL
- PORT
- BASE_URI
- REDIS_URL
- REDIS_PASSWORD
- REDIS_TLS
Security Notes
The server implements OAuth 2.0 with PKCE, robust token validation via introspection, and secure session management with user isolation. It utilizes environment variables for sensitive configuration and includes rate limiting for authentication and static assets. Permissive CORS is intentionally enabled for a public reference server to facilitate testing, but should be tightened for production deployments. No hardcoded secrets, obfuscation, or explicit malicious patterns were identified. Duplicate authorization code usage is detected and leads to token revocation, preventing replay attacks.
Similar Servers
mcp-servers
A curated collection of Model Context Protocol (MCP) server configurations to integrate various developer tools and services with AI agents.
mcp-server-playground
A playground and reference implementation for a Model Context Protocol (MCP) server, featuring streamable HTTP transport, OAuth proxy for third-party authorization servers like Auth0, and stateful session management.
mcp-oauth-server
This server provides an OAuth 2.1 Authorization Server implementation, compliant with the MCP Authorization Spec, to handle authentication and authorization for MCP clients and resource servers.
mcp-servers
Provides current weather conditions and forecasts from the Open-Meteo API for a given geographical location.