nitro-mcp-server
by peterbud
Overview
This project serves as a Model Context Protocol (MCP) server demonstrating streamable HTTP transport with pluggable authentication providers (Auth0, Microsoft Entra ID) and schema-validated tools/resources.
Installation
pnpm dev
Environment Variables
- NITRO_MCP_SERVER_HOST
- NITRO_MCP_SERVER_PORT
- NITRO_MCP_SERVER_AUTH_ENABLED
- NITRO_MCP_SERVER_AUTH_DEFAULT_PROVIDER
- NITRO_MCP_SERVER_AUTH_PROVIDERS_AUTH0_CLIENT_ID
- NITRO_MCP_SERVER_AUTH_PROVIDERS_AUTH0_CLIENT_SECRET
- NITRO_MCP_SERVER_AUTH_PROVIDERS_AUTH0_DOMAIN
- NITRO_MCP_SERVER_AUTH_PROVIDERS_AUTH0_SCOPE
- NITRO_MCP_SERVER_AUTH_PROVIDERS_ENTRA_TENANT_ID
- NITRO_MCP_SERVER_AUTH_PROVIDERS_ENTRA_CLIENT_ID
- NITRO_MCP_SERVER_AUTH_PROVIDERS_ENTRA_CLIENT_SECRET
- NITRO_MCP_SERVER_AUTH_PROVIDERS_ENTRA_SCOPE
- CONSOLA_LOGGER_LEVEL
- NODE_ENV
Security Notes
CRITICAL: The server relies on local file system storage (fs driver) for `registrationStore` and `authCodeStore` to manage OAuth client registrations, authorization codes, and states. This is fundamentally insecure for production environments: it is vulnerable to local file system attacks and does not support distributed deployments or high availability. The 'Todo' section explicitly mentions a missing cleanup task for expired authorization codes, which is a significant vulnerability that allows resource exhaustion and potential misuse of stale codes. The `/auth/register` endpoint acts as a Dynamic Client Registration (DCR) proxy without inherent rate limiting; the README notes that it requires external protection to prevent abuse.
Similar Servers
frontmcp
Develop and integrate third-party API services using the Model Context Protocol (MCP) framework, enabling AI models to interact with external systems through defined tools, resources, and prompts.
mcp-server-playground
A Model Context Protocol (MCP) server that acts as an OAuth proxy for 3rd party authorization servers like Auth0, provides stateful session management, and exposes various tools for system time, streaming, project keyword searching, and AWS services (S3, ECS, CloudWatch Logs, Bedrock).
mcp-servers
Provides current weather conditions and forecasts from the Open-Meteo API for a given geographical location.
mcp-typescript-simple
A production-ready MCP (Model Context Protocol) server for building AI agent backends, offering dual-mode operation (STDIO + Streamable HTTP with OAuth), multi-LLM integration, and comprehensive observability.