oauth-mcp-proxy
Verified Safe
by tuannvm
Overview
OAuth 2.1 authentication library for Go MCP servers, supporting both mark3labs and official SDKs for token validation and caching.
Installation
go run examples/official/simple/main.go
Environment Variables
- OAUTH_PROVIDER
- OIDC_ISSUER
- OIDC_AUDIENCE
- JWT_SECRET
- OAUTH_CLIENT_ID
- OAUTH_CLIENT_SECRET
- SERVER_URL
- OAUTH_REDIRECT_URIS
- HTTPS_CERT_FILE
- HTTPS_KEY_FILE
Security Notes
The project demonstrates a strong focus on security, including PKCE support, HMAC-signed state parameters to prevent tampering, explicit redirect URI validation (allowlist and localhost-only for fixed redirect mode), and secure TLS configurations. It logs truncated token hashes instead of full tokens. Extensive security tests are present. One minor area for improvement: if JWT_SECRET is not configured for state signing, the project logs a warning about an 'insecure-fallback-key', although it correctly prompts for a strong secret.
Similar Servers
example-remote-server
A reference server demonstrating all Model Context Protocol (MCP) features and OAuth 2.0 authentication patterns.
sagemcp
A scalable platform for hosting multi-tenant Model Context Protocol (MCP) servers, with OAuth integration and connector plugins for various services.
mcp-server-playground
A playground and reference implementation for a Model Context Protocol (MCP) server, featuring streamable HTTP transport, OAuth proxy for third-party authorization servers like Auth0, and stateful session management.
mcp-s-oauth
Universal OAuth middleware for MCP (Model Context Protocol) servers, enabling authentication with various OAuth providers.