MCP OAuth2

v1.0.0Developer Toolsstable

Reference mcp server implementation of draft mcp oauth spec https://modelcontextprotocol.io/specification/draft/basic/authorization#2-3-authorization-server-discovery

mcpmcp-hostmcp-servermcp-serversmcp-tools
Share:
8
Stars
0
Downloads
0
Weekly
0/5

What is MCP OAuth2?

MCP OAuth2 is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to reference mcp server implementation of draft mcp oauth spec https://modelcontextprotocol.io/specification/draft/basic/authorization#2-3-authorization-server-discovery

Reference mcp server implementation of draft mcp oauth spec https://modelcontextprotocol.io/specification/draft/basic/authorization#2-3-authorization-server-discovery

This server falls under the Developer Tools category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • Reference mcp server implementation of draft mcp oauth spec

Use Cases

Reference implementation of MCP OAuth2.1 authorization spec.
QuantGeekDev

Maintainer

LicenseMIT
Languagetypescript
Versionv1.0.0
UpdatedOct 20, 2025
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx mcp-oauth2-1

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use MCP OAuth2

MCP OAuth2.1 Server is a reference implementation of the draft MCP authorization specification, demonstrating how MCP servers can require OAuth 2.1 authentication before granting tool access. It supports AWS Cognito and Keycloak as identity providers, scope-based access control, and HTTPS-only enforcement per the OAuth 2.1 spec, making it a practical starting point for building secure MCP infrastructure.

Prerequisites

  • Node.js 18+ and npm installed
  • An identity provider: AWS Cognito user pool or a self-hosted Keycloak instance
  • HTTPS endpoint — either via ngrok (free static domain available) or a real TLS certificate
  • Basic familiarity with OAuth 2.1 authorization code flow
1

Clone the repository and install dependencies

Clone the reference implementation from GitHub and install npm dependencies before building.

git clone https://github.com/QuantGeekDev/mcp-oauth2.1-server.git
cd mcp-oauth2.1-server
npm install
2

Configure environment variables

Create a .envs file in the config directory. Set PORT (default 1335) and PROTOCOL. OAuth 2.1 requires HTTPS for production — use http only for local testing where compliance is not required.

PORT=1335
PROTOCOL=https
3

Set up an HTTPS tunnel with ngrok

Because OAuth 2.1 prohibits plain http, use ngrok with a static custom domain (available on the free plan) to expose your local server over HTTPS for identity provider callbacks.

ngrok http --domain=your-static-domain.ngrok-free.app 1335
4

Configure your identity provider

In AWS Cognito, go to your User Pool > App clients and set the callback URL to your ngrok HTTPS domain. For Keycloak, add the redirect URI in the client settings. The required scope is mcp:access.

5

Build and start the server

Build the TypeScript project and start the server. The server will listen on the configured PORT and enforce OAuth 2.1 token validation on all MCP requests.

npm run build
npm run start

MCP OAuth2 Examples

Client configuration

MCP client configuration for a server that requires OAuth 2.1 authorization discovery at the server URL.

{
  "mcpServers": {
    "secure-mcp": {
      "command": "node",
      "args": ["dist/index.js"],
      "env": {
        "PORT": "1335",
        "PROTOCOL": "https"
      }
    }
  }
}

Prompts to try

This is a reference server — once authenticated, these queries demonstrate that authorization is working correctly.

- "What MCP tools are available on this server?"
- "Verify that my OAuth token has the mcp:access scope"
- "Show me the authorization server discovery metadata"

Troubleshooting MCP OAuth2

Server rejects tokens with scope validation error

The required scope is mcp:access, formatted as a resource-specific URI like https://your-domain.com/mcp:access. Ensure your identity provider client is configured to issue this exact scope string.

Cognito callback fails with redirect_uri mismatch

Your ngrok static domain must be registered exactly in Cognito's Allowed callback URLs under App clients. The URL must match character-for-character including the trailing slash if present.

Server starts but clients immediately get 401 responses

Confirm PROTOCOL is set to https and your ngrok tunnel is running. The OAuth 2.1 spec prohibits http for token endpoints. For local-only testing without compliance, set PROTOCOL=http to bypass the check.

Frequently Asked Questions about MCP OAuth2

What is MCP OAuth2?

MCP OAuth2 is a Model Context Protocol (MCP) server that reference mcp server implementation of draft mcp oauth spec https://modelcontextprotocol.io/specification/draft/basic/authorization#2-3-authorization-server-discovery It connects AI assistants to external tools and data sources through a standardized interface.

How do I install MCP OAuth2?

Follow the installation instructions on the MCP OAuth2 GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with MCP OAuth2?

MCP OAuth2 works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is MCP OAuth2 free to use?

Yes, MCP OAuth2 is open source and available under the MIT license. You can use it freely in both personal and commercial projects.

Browse More Developer Tools MCP Servers

Explore all developer tools servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "mcp-oauth2-1": { "command": "npx", "args": ["-y", "mcp-oauth2-1"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use MCP OAuth2?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides