mcp-oauth2.1-server
by QuantGeekDev·★ 8·Score 35
Reference MCP server implementing OAuth 2.1 authorization for secure access control.
Overview
This is a reference implementation of an MCP server with OAuth 2.1 authentication support, following the draft authorization specification. It provides secure access control through either AWS Cognito or self-hosted Keycloak, with proper scope validation. The server is built using TypeScript and includes setup instructions for testing with ngrok to comply with OAuth 2.1 requirements for HTTPS.
When to choose this
Choose this when implementing OAuth 2.1 authentication for your MCP server, especially if you're already using AWS Cognito or Keycloak.
When NOT to choose this
Not suitable if you need a simple authentication solution or use an identity provider that this implementation does not support.
Installation
- Clone the repository
- Install dependencies:

```bash
npm install
```

- Build the server:

```bash
npm run build
```

- Start the server:

```bash
npm run start
```
Configuration
Configure your authentication provider (Cognito or Keycloak) in the config folder and set environment variables in .envs.
For Claude Desktop, add to mcp.json:
```json
{
  "mcpServers": {
    "oauth2-mcp": {
      "command": "node",
      "args": ["path/to/your/built/server.js"]
    }
  }
}
```
FAQ
- Why can't I use localhost with OAuth 2.1?
- OAuth 2.1 requires HTTPS and does not allow plain HTTP. You need to use ngrok or a similar service to create a secure tunnel.
- What authentication providers are supported?
- AWS Cognito and self-hosted Keycloak are currently supported as authentication providers.
Last updated · Auto-generated from public README + GitHub signals.