MCP with OAuth
@akshay12390
About MCP with OAuth
Reference https://github.com/spring-projects/spring-ai-examples/tree/main/model-context-protocol/weather/starter-webmvc-oauth2-server
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"mcp-weather-oauth2-server": {
"command": "npx",
"args": [
"@modelcontextprotocol/[email protected]"
]
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is MCP with OAuth?
MCP with OAuth is a sample project that demonstrates how to secure an MCP (Model Context Protocol) server using OAuth2, following the MCP specification’s authorization section. It is intended for developers who need to add OAuth2 authentication to an MCP server.
How to use MCP with OAuth?
Run the project with ./mvnw spring-boot:run. Obtain tokens via client credentials or auth code (PKCE). For client credentials, call /oauth2/token with grant_type=client_credentials and authenticate as mcp-client:secret. For PKCE, first run pkce_generator.py and then token_request.py. Use the token with the MCP inspector (npx @modelcontextprotocol/[email protected]) by pasting it and clicking connect.
Key features of MCP with OAuth
- OAuth2 client credentials flow support
- OAuth2 authorization code with PKCE flow
- Token issuance via Spring Authorization Server
- Token validation using Spring Security Resource Server
- Ready-to-run Spring Boot sample
- MCP Inspector integration for testing
Use cases of MCP with OAuth
- Securing MCP server endpoints with OAuth2 tokens
- Implementing machine-to-machine communication using client credentials
- Enabling browser-based authentication for MCP clients with PKCE
- Testing and verifying OAuth2-secured MCP servers with the MCP Inspector
FAQ from MCP with OAuth
What dependencies are needed to add OAuth2 to an MCP server?
The sample uses Spring Security (infrastructure), Spring Authorization Server (token issuance), and Spring Security OAuth2 Resource Server (token-based authentication).
How long are access tokens valid?
Tokens are valid for 15 minutes.
Does the sample support reactive (WebFlux) token issuance?
No. Spring Authorization Server does not support the reactive stack, so issuing tokens only works in Servlet environments.
How can I test my OAuth2-secured MCP server?
Store the token obtained from the /oauth2/token endpoint, boot the MCP inspector (npx @modelcontextprotocol/[email protected]), paste the token, and click connect.
More Media & Design MCP servers
Figma MCP Server
JayArrowzFigma MCP Server with full API functionality
YouTube Transcript Server
kimtaeyoon83This is an MCP server that allows you to directly download transcripts of YouTube videos.
Design Systems Mcp
southleftI'm your specialized design systems assistant. Ask me about components, tokens, patterns, and best practices.
Game Asset Generator using MCP and Hugging Face Spaces
MubarakHAlketbiAn MCP server for creating 2D/3D game assets from text using Hugging Face AI models.
NS Travel Information MCP Server
r-huijtsA Model Context Protocol (MCP) server that provides access to NS (Dutch Railways) travel information through Claude AI. This server enables Claude to fetch real-time train travel information and disruptions using the official Dutch NS API.
Comments