MCP.so
ログイン

MCP with OAuth

@akshay12390

MCP with OAuth について

Reference https://github.com/spring-projects/spring-ai-examples/tree/main/model-context-protocol/weather/starter-webmvc-oauth2-server

基本情報

カテゴリ

メディアとデザイン

ランタイム

java

トランスポート

stdio

公開者

akshay12390

設定

以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。

{
  "mcpServers": {
    "mcp-weather-oauth2-server": {
      "command": "npx",
      "args": [
        "@modelcontextprotocol/[email protected]"
      ]
    }
  }
}

ツール

ツールは検出されませんでした

ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。

概要

What is MCP with OAuth?

MCP with OAuth is a sample project that demonstrates how to secure an MCP (Model Context Protocol) server using OAuth2, following the MCP specification’s authorization section. It is intended for developers who need to add OAuth2 authentication to an MCP server.

How to use MCP with OAuth?

Run the project with ./mvnw spring-boot:run. Obtain tokens via client credentials or auth code (PKCE). For client credentials, call /oauth2/token with grant_type=client_credentials and authenticate as mcp-client:secret. For PKCE, first run pkce_generator.py and then token_request.py. Use the token with the MCP inspector (npx @modelcontextprotocol/[email protected]) by pasting it and clicking connect.

Key features of MCP with OAuth

  • OAuth2 client credentials flow support
  • OAuth2 authorization code with PKCE flow
  • Token issuance via Spring Authorization Server
  • Token validation using Spring Security Resource Server
  • Ready-to-run Spring Boot sample
  • MCP Inspector integration for testing

Use cases of MCP with OAuth

  • Securing MCP server endpoints with OAuth2 tokens
  • Implementing machine-to-machine communication using client credentials
  • Enabling browser-based authentication for MCP clients with PKCE
  • Testing and verifying OAuth2-secured MCP servers with the MCP Inspector

FAQ from MCP with OAuth

What dependencies are needed to add OAuth2 to an MCP server?

The sample uses Spring Security (infrastructure), Spring Authorization Server (token issuance), and Spring Security OAuth2 Resource Server (token-based authentication).

How long are access tokens valid?

Tokens are valid for 15 minutes.

Does the sample support reactive (WebFlux) token issuance?

No. Spring Authorization Server does not support the reactive stack, so issuing tokens only works in Servlet environments.

How can I test my OAuth2-secured MCP server?

Store the token obtained from the /oauth2/token endpoint, boot the MCP inspector (npx @modelcontextprotocol/[email protected]), paste the token, and click connect.

コメント

「メディアとデザイン」の他のコンテンツ