MCP Server Demo: OAuth, TypeScript & Firestore Patterns
@portal-labs-infrastructure
Example of a MCP implementation using TypeScript and OAuth.
概要
What is MCP Server Demo: OAuth, TypeScript & Firestore Patterns?
This repository provides a stripped-down, illustrative implementation of a Model Context Protocol (MCP) server that showcases architectural patterns, security considerations (OAuth 2.0), and development practices (TypeScript, Firestore, Zod). It is intended as a learning resource for developers building secure, multi-tenant MCP resource servers.
How to use MCP Server Demo: OAuth, TypeScript & Firestore Patterns?
Clone the repository, install dependencies with npm install, copy .env.example to .env and configure the required values (Firestore project ID, OAuth issuer URL, base URL). Run in development mode with npm run dev or build and start with npm run build then npm start. The server typically starts on http://localhost:8080.
Key features of MCP Server Demo: OAuth, TypeScript & Firestore Patterns
- MCP TypeScript SDK integration for core server setup.
- OAuth 2.0 Bearer token validation via SDK middleware.
- Workspace context management with explicit
workspace_id. - Firestore integration using emulators for local development.
- Zod for input schema definition and runtime validation.
- TypeScript for type-safe, robust code.
Use cases of MCP Server Demo: OAuth, TypeScript & Firestore Patterns
- Learning to build a secure, multi-tenant MCP resource server.
- Understanding OAuth 2.0 integration for MCP tool security.
- Exploring patterns for workspace context and multi-tenancy.
- Seeing Zod and TypeScript applied in an MCP context.
FAQ from MCP Server Demo: OAuth, TypeScript & Firestore Patterns
Is this a production-ready server?
No. This demo is NOT a production-ready, plug-and-play server. It omits specific business logic and assumes a pre-existing OAuth Authorization Server.
What are the prerequisites?
Node.js v18.x or later, npm or yarn, a Google Cloud Project with Firestore enabled (or Firestore Emulator), and an existing OAuth 2.0 Authorization Server.
How does OAuth work in this demo?
The server acts as the MCP Resource Server and expects OAuth 2.0 Bearer tokens issued by a separate Authorization Server. It validates tokens using the MCP SDK middleware and the withWorkspaceAccess Higher-Order Component.
What is the architectural overview?
The client sends HTTPS requests with a Bearer token to this Node.js/TypeScript server. The MCP SDK middleware extracts the token, the withWorkspaceAccess HOC validates workspace access using the userId, and then the tool handler interacts with Firestore.
How do I run with the Firestore emulator?
Install and configure the Google Cloud SDK, start the emulator with gcloud emulators firestore start --host-port=localhost:8081, and run the server. The server connects to the emulator automatically based on environment variables or gcloud configuration.