mcp-oauth-server
Verified Safe
by wille
Overview
OAuth 2.1 Authorization Server implementation for the Model Context Protocol (MCP) to manage client and user authentication.
Installation
pnpm example:server
Security Notes
The server implements OAuth 2.1 with PKCE for secure authorization flows. It utilizes `zod` for robust input validation of request parameters, preventing common web vulnerabilities. Rate limiting is configurable to mitigate abuse. Token generation and challenge validation employ cryptographic functions (`crypto`). The architecture supports an extensible storage model, with a memory-backed option for development (requiring a custom, persistent model for production). Error handling is explicitly defined for various OAuth flow steps. No obvious 'eval' or hardcoded secrets were found.
Similar Servers
mcp-openapi-server
Exposes OpenAPI endpoints as Model Context Protocol (MCP) tools, enabling Large Language Models (LLMs) to discover and interact with REST APIs through a standardized protocol.
frontmcp
Develop and integrate third-party API services using the Model Context Protocol (MCP) framework, enabling AI models to interact with external systems through defined tools, resources, and prompts.
mcp-tools
This library provides utilities for developers to build MCP (Model Context Protocol) clients and servers, facilitating secure authentication and data access for AI applications, particularly with Clerk integration.
oauth-mcp-proxy
Provides server-side OAuth 2.1 authentication for Go Model Context Protocol (MCP) servers, supporting both mark3labs/mcp-go and official go-sdk.