MCP OAuth Server

This is an MCP server with OAuth 2.0 integration to a third-party authorization server.

Available Endpoints:

Authorization Endpoint

GET /authorize

Parameters:

response_type - Must be "code"
client_id - Client identifier (e.g., "mcp-client")
redirect_uri - URI to redirect after authorization
scope - Optional requested scope
state - Optional state value for CSRF prevention

Token Endpoint

POST /token

Parameters:

grant_type - Must be "authorization_code"
code - The authorization code
client_id - Client identifier
client_secret - Client secret
redirect_uri - Redirect URI used in authorization request

MCP streamablehttp Endpoints

/mcp - Streamablehttp connection endpoint (requires OAuth token)

OAuth Flow:

MCP Client initiates OAuth flow with this MCP Server
MCP Server redirects to Third-Party OAuth Server
User authenticates with Third-Party Server
Third-Party Server redirects back to MCP Server with auth code
MCP Server exchanges the code for a third-party access token
MCP Server generates its own token bound to the third-party session
MCP Server completes the OAuth flow with the MCP Client