MCP OAuth2
Reference mcp server implementation of draft mcp oauth spec https://modelcontextprotocol.io/specification/draft/basic/authorization#2-3-authorization-server-discovery
What is MCP OAuth2?
MCP OAuth2 is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to reference mcp server implementation of draft mcp oauth spec https://modelcontextprotocol.io/specification/draft/basic/authorization#2-3-authorization-server-discovery
Reference mcp server implementation of draft mcp oauth spec https://modelcontextprotocol.io/specification/draft/basic/authorization#2-3-authorization-server-discovery
This server falls under the Developer Tools category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- Reference mcp server implementation of draft mcp oauth spec
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx mcp-oauth2-1Configuration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use MCP OAuth2
MCP OAuth2.1 Server is a reference implementation of the draft MCP authorization specification, demonstrating how MCP servers can require OAuth 2.1 authentication before granting tool access. It supports AWS Cognito and Keycloak as identity providers, scope-based access control, and HTTPS-only enforcement per the OAuth 2.1 spec, making it a practical starting point for building secure MCP infrastructure.
Prerequisites
- Node.js 18+ and npm installed
- An identity provider: AWS Cognito user pool or a self-hosted Keycloak instance
- HTTPS endpoint — either via ngrok (free static domain available) or a real TLS certificate
- Basic familiarity with OAuth 2.1 authorization code flow
Clone the repository and install dependencies
Clone the reference implementation from GitHub and install npm dependencies before building.
git clone https://github.com/QuantGeekDev/mcp-oauth2.1-server.git
cd mcp-oauth2.1-server
npm installConfigure environment variables
Create a .envs file in the config directory. Set PORT (default 1335) and PROTOCOL. OAuth 2.1 requires HTTPS for production — use http only for local testing where compliance is not required.
PORT=1335
PROTOCOL=httpsSet up an HTTPS tunnel with ngrok
Because OAuth 2.1 prohibits plain http, use ngrok with a static custom domain (available on the free plan) to expose your local server over HTTPS for identity provider callbacks.
ngrok http --domain=your-static-domain.ngrok-free.app 1335Configure your identity provider
In AWS Cognito, go to your User Pool > App clients and set the callback URL to your ngrok HTTPS domain. For Keycloak, add the redirect URI in the client settings. The required scope is mcp:access.
Build and start the server
Build the TypeScript project and start the server. The server will listen on the configured PORT and enforce OAuth 2.1 token validation on all MCP requests.
npm run build
npm run startMCP OAuth2 Examples
Client configuration
MCP client configuration for a server that requires OAuth 2.1 authorization discovery at the server URL.
{
"mcpServers": {
"secure-mcp": {
"command": "node",
"args": ["dist/index.js"],
"env": {
"PORT": "1335",
"PROTOCOL": "https"
}
}
}
}Prompts to try
This is a reference server — once authenticated, these queries demonstrate that authorization is working correctly.
- "What MCP tools are available on this server?"
- "Verify that my OAuth token has the mcp:access scope"
- "Show me the authorization server discovery metadata"Troubleshooting MCP OAuth2
Server rejects tokens with scope validation error
The required scope is mcp:access, formatted as a resource-specific URI like https://your-domain.com/mcp:access. Ensure your identity provider client is configured to issue this exact scope string.
Cognito callback fails with redirect_uri mismatch
Your ngrok static domain must be registered exactly in Cognito's Allowed callback URLs under App clients. The URL must match character-for-character including the trailing slash if present.
Server starts but clients immediately get 401 responses
Confirm PROTOCOL is set to https and your ngrok tunnel is running. The OAuth 2.1 spec prohibits http for token endpoints. For local-only testing without compliance, set PROTOCOL=http to bypass the check.
Frequently Asked Questions about MCP OAuth2
What is MCP OAuth2?
MCP OAuth2 is a Model Context Protocol (MCP) server that reference mcp server implementation of draft mcp oauth spec https://modelcontextprotocol.io/specification/draft/basic/authorization#2-3-authorization-server-discovery It connects AI assistants to external tools and data sources through a standardized interface.
How do I install MCP OAuth2?
Follow the installation instructions on the MCP OAuth2 GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with MCP OAuth2?
MCP OAuth2 works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is MCP OAuth2 free to use?
Yes, MCP OAuth2 is open source and available under the MIT license. You can use it freely in both personal and commercial projects.
MCP OAuth2 Alternatives — Similar Developer Tools Servers
Looking for alternatives to MCP OAuth2? Here are other popular developer tools servers you can use with Claude, Cursor, and VS Code.
Ecc
★ 188.2kThe agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
Javaguide
★ 155.8kJava 面试 & 后端通用面试指南,覆盖计算机基础、数据库、分布式、高并发、系统设计与 AI 应用开发
Gemini CLI
★ 104.5kA secure MCP server that wraps the Google Gemini CLI, allowing clients to query Gemini models using local OAuth sessions without requiring an API key. It provides tools for model interaction and diagnostics with built-in protection against command in
Awesome MCP Servers
★ 87.3k⭐ Curated list of Model Context Protocol (MCP) servers - tools that extend Claude Desktop, Cursor, Windsurf, and other MCP clients with custom capabilities.
MCP Servers
★ 86.0kModel Context Protocol Servers
CC Switch
★ 77.5kA cross-platform desktop All-in-One assistant for Claude Code, Codex, OpenCode, OpenClaw, Gemini CLI & Hermes Agent. Only official website: ccswitch.io
Browse More Developer Tools MCP Servers
Explore all developer tools servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up MCP OAuth2 in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use MCP OAuth2?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.