Simple MCP Server with upstream auth via local rest endpoint
@BarDweller
A sandbox for MCP server prototyping
Overview
What is Simple MCP Server with upstream auth via local rest endpoint?
This is a prototype MCP server that offers tools but limits their access based on internal state. Users must authenticate via an external URL that uses Quarkus OIDC with GitHub OAuth. The resulting access token is stored per session ID.
How to use Simple MCP Server with upstream auth via local rest endpoint?
Install JBang and create a GitHub OAuth App with the callback URL set to http://127.0.0.1:8080/auth. Copy the client ID and secret into application.properties. Then configure your MCP client (e.g., Claude Desktop) to run the JBang command jbang --quiet org.ozzy:stiletto:1.0.0-SNAPSHOT:runner. Authentication is initiated when a tool is used without a valid session.
Key features of Simple MCP Server with upstream auth via local rest endpoint
- Requires authentication via GitHub OAuth before tool access
- Stores access tokens per session ID for reuse
- Integrates with standard MCP clients like Claude Desktop
- Uses JBang for execution with a Maven artifact
- Leverages Quarkus OIDC for the OAuth flow
- Provides a local REST endpoint for callback (
localhost:8080)
Use cases of Simple MCP Server with upstream auth via local rest endpoint
- Authenticating before listing issues for a GitHub repository (e.g.,
quarkusio/quarkus) - Demonstrating OAuth-integrated tool access in an MCP client
- Testing prototype workflows where tool usage requires external identity verification
FAQ from Simple MCP Server with upstream auth via local rest endpoint
What dependencies are required to run this server?
You need JBang, a GitHub OAuth App, and an MCP client such as Claude Desktop.
How do I set up the GitHub OAuth App?
Navigate to GitHub Developer Settings, create a new OAuth App, set the callback URL to http://127.0.0.1:8080/auth, then copy the client ID and generate a client secret. Paste both into application.properties.
How does authentication work in practice?
When a tool is invoked without a valid session, the server returns a link like http://127.0.0.1/auth?sessionId=<UUID>. Clicking it redirects to GitHub for OAuth authorization. After successful authentication, you can retry the tool in Claude.
What tools are available in this server?
The README demonstrates two tools: getSessionId and listIssues. The listIssues tool requires authentication before use.
Is this server ready for production use?
No, it is explicitly described as a prototype.