simple_mcp_server
Verified Safe
by mokcontoro
Overview
A minimal MCP (Model Context Protocol) server providing echo and ping tools, designed for integration with ChatGPT using a custom OAuth 2.1 authorization server with Supabase for user authentication.
Installation
uvicorn main:app --reload
Environment Variables
- SUPABASE_URL
- SUPABASE_ANON_KEY
- SUPABASE_JWT_SECRET
- SERVER_URL
- JWT_SECRET
Security Notes
The server implements its own OAuth 2.1 authorization server with PKCE, which is a good security practice. User authentication is delegated to Supabase, enhancing security. However, access tokens and authorization codes are stored in memory, so they do not persist across server restarts; this is a functional limitation (not a direct security vulnerability, but it impacts session management). The CORS policy is highly permissive ('*'), which is common for AI integrations but broad. There are no obvious uses of 'eval' or similar dangerous functions, and no hardcoded secrets beyond environment variable defaults.
Similar Servers
SageMCP
A scalable platform for hosting MCP servers with multi-tenant support, OAuth integration, and connector plugins for various services, deployed on Kubernetes.
mcp-proxy-saas
An API gateway/proxy for Model Context Protocol (MCP) servers, providing authentication, security, and logging for multi-tenant applications.
mcp-forge-python
A production-ready MCP (Model Context Protocol) server template for building AI-powered applications with OAuth 2.0 authentication and JWT validation.
fastmcp-server
A production-ready Model Context Protocol (MCP) server enabling AI agents to execute secure tools with OAuth 2.0 authentication.