MCP.so
Sign In

MCP with OAuth

@akshay12390

About MCP with OAuth

Reference https://github.com/spring-projects/spring-ai-examples/tree/main/model-context-protocol/weather/starter-webmvc-oauth2-server

Basic information

Category

Media & Design

Runtime

java

Transports

stdio

Publisher

akshay12390

Config

Add this server to your MCP-compatible client using the configuration below.

{
  "mcpServers": {
    "mcp-weather-oauth2-server": {
      "command": "npx",
      "args": [
        "@modelcontextprotocol/[email protected]"
      ]
    }
  }
}

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is MCP with OAuth?

MCP with OAuth is a sample project that demonstrates how to secure an MCP (Model Context Protocol) server using OAuth2, following the MCP specification’s authorization section. It is intended for developers who need to add OAuth2 authentication to an MCP server.

How to use MCP with OAuth?

Run the project with ./mvnw spring-boot:run. Obtain tokens via client credentials or auth code (PKCE). For client credentials, call /oauth2/token with grant_type=client_credentials and authenticate as mcp-client:secret. For PKCE, first run pkce_generator.py and then token_request.py. Use the token with the MCP inspector (npx @modelcontextprotocol/[email protected]) by pasting it and clicking connect.

Key features of MCP with OAuth

  • OAuth2 client credentials flow support
  • OAuth2 authorization code with PKCE flow
  • Token issuance via Spring Authorization Server
  • Token validation using Spring Security Resource Server
  • Ready-to-run Spring Boot sample
  • MCP Inspector integration for testing

Use cases of MCP with OAuth

  • Securing MCP server endpoints with OAuth2 tokens
  • Implementing machine-to-machine communication using client credentials
  • Enabling browser-based authentication for MCP clients with PKCE
  • Testing and verifying OAuth2-secured MCP servers with the MCP Inspector

FAQ from MCP with OAuth

What dependencies are needed to add OAuth2 to an MCP server?

The sample uses Spring Security (infrastructure), Spring Authorization Server (token issuance), and Spring Security OAuth2 Resource Server (token-based authentication).

How long are access tokens valid?

Tokens are valid for 15 minutes.

Does the sample support reactive (WebFlux) token issuance?

No. Spring Authorization Server does not support the reactive stack, so issuing tokens only works in Servlet environments.

How can I test my OAuth2-secured MCP server?

Store the token obtained from the /oauth2/token endpoint, boot the MCP inspector (npx @modelcontextprotocol/[email protected]), paste the token, and click connect.

Comments

More Media & Design MCP servers