Implementing OAuth for Streamable HTTP Server & Client without PKCE
@asibyl
关于 Implementing OAuth for Streamable HTTP Server & Client without PKCE
MCP Streamable HTTP Server with Device Flow OAuth
基本信息
配置
使用下面的配置,将此服务器添加到你的 MCP 客户端。
{
"mcpServers": {
"streamable-http-server": {
"command": "npx",
"args": [
"tsx",
"server/index_streamable.ts"
],
"env": {
"GITHUB_CLIENT_ID": "",
"GITHUB_CLIENT_SECRET": ""
}
}
}
}工具
未检测到工具
工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。
概览
What is Implementing OAuth for Streamable HTTP Server & Client without PKCE?
A reference implementation that adds OAuth support to the Streamable HTTP Server and Client using the device authorization grant flow (device flow) instead of browser-based redirects. It integrates with GitHub as the OAuth provider and is intended for developers who need headless OAuth authentication for MCP (Model Context Protocol) servers.
How to use Implementing OAuth for Streamable HTTP Server & Client without PKCE?
Clone the repository, install dependencies with npm install, set the GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET environment variables from a GitHub OAuth App that has "Enable Device Flow" selected, then start the server with npx tsx server/index_streamable.ts and the client with npx tsx client/client.ts.
Key features of Implementing OAuth for Streamable HTTP Server & Client without PKCE
- Streamable HTTP Server with OAuth device flow support
- Streamable HTTP Client with headless OAuth support
- Replaces browser-based OAuth with device code flow
- No PKCE required due to device flow security
- Uses GitHub as the OAuth provider
Use cases of Implementing OAuth for Streamable HTTP Server & Client without PKCE
- Automating MCP server OAuth without an interactive browser
- Running OAuth flows in headless environments or CI/CD
- Testing Streamable HTTP OAuth without the MCP Inspector
FAQ from Implementing OAuth for Streamable HTTP Server & Client without PKCE
Why is PKCE not used?
Device flow does not require PKCE because there is no redirect or client-side code handling. The user interacts directly with GitHub, and all token exchange happens server-to-server. The device code is short-lived and tied to the requesting client.
What runtime dependencies are required?
Node.js, npm, and tsx for running TypeScript files.
How do I configure the GitHub OAuth app?
Go to GitHub Developer Settings, create an OAuth App, set a callback URL (e.g., http://localhost), and enable "Device Flow". Note the Client ID and Client Secret, then set them as environment variables.
Can I use a different OAuth provider?
The README only documents configuration with GitHub. The implementation is tied to GitHub’s device flow endpoint.
Where are tokens and sessions stored?
The server stores access tokens and session tokens in its own token store (in-memory). No persistent storage is described.
开发工具 分类下的更多 MCP 服务器
MCP Unity Editor (Game Engine)
CoderGamesterModel Context Protocol (MCP) plugin to connect with Unity Editor — designed for Cursor, Claude Code, Codex, Windsurf and other IDEs
MCP Containers
metorialConnect any AI model to 1200+ integrations (MCP, CLI, API)
Stakpak Agent CLI
stakpakShip your code, on autopilot. An open source agent that lives on your machines 24/7 and keeps your apps running. 🦀
MCP-Bridge
SecretiveShellA middleware to provide an openAI compatible endpoint that can call MCP tools
mcp-excalidraw
yctimlinMCP server and Claude Code skill for Excalidraw — programmatic canvas toolkit to create, edit, and export diagrams via AI agents with real-time canvas sync.
评论