MCP.so
登录

MCP with OAuth

@akshay12390

关于 MCP with OAuth

Reference https://github.com/spring-projects/spring-ai-examples/tree/main/model-context-protocol/weather/starter-webmvc-oauth2-server

基本信息

分类

媒体与设计

运行时

java

传输方式

stdio

发布者

akshay12390

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "mcp-weather-oauth2-server": {
      "command": "npx",
      "args": [
        "@modelcontextprotocol/[email protected]"
      ]
    }
  }
}

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is MCP with OAuth?

MCP with OAuth is a sample project that demonstrates how to secure an MCP (Model Context Protocol) server using OAuth2, following the MCP specification’s authorization section. It is intended for developers who need to add OAuth2 authentication to an MCP server.

How to use MCP with OAuth?

Run the project with ./mvnw spring-boot:run. Obtain tokens via client credentials or auth code (PKCE). For client credentials, call /oauth2/token with grant_type=client_credentials and authenticate as mcp-client:secret. For PKCE, first run pkce_generator.py and then token_request.py. Use the token with the MCP inspector (npx @modelcontextprotocol/[email protected]) by pasting it and clicking connect.

Key features of MCP with OAuth

  • OAuth2 client credentials flow support
  • OAuth2 authorization code with PKCE flow
  • Token issuance via Spring Authorization Server
  • Token validation using Spring Security Resource Server
  • Ready-to-run Spring Boot sample
  • MCP Inspector integration for testing

Use cases of MCP with OAuth

  • Securing MCP server endpoints with OAuth2 tokens
  • Implementing machine-to-machine communication using client credentials
  • Enabling browser-based authentication for MCP clients with PKCE
  • Testing and verifying OAuth2-secured MCP servers with the MCP Inspector

FAQ from MCP with OAuth

What dependencies are needed to add OAuth2 to an MCP server?

The sample uses Spring Security (infrastructure), Spring Authorization Server (token issuance), and Spring Security OAuth2 Resource Server (token-based authentication).

How long are access tokens valid?

Tokens are valid for 15 minutes.

Does the sample support reactive (WebFlux) token issuance?

No. Spring Authorization Server does not support the reactive stack, so issuing tokens only works in Servlet environments.

How can I test my OAuth2-secured MCP server?

Store the token obtained from the /oauth2/token endpoint, boot the MCP inspector (npx @modelcontextprotocol/[email protected]), paste the token, and click connect.

评论

媒体与设计 分类下的更多 MCP 服务器