
Implementing OAuth for Streamable HTTP Server & Client without PKCE

@asibyl

MCP Streamable HTTP Server with Device Flow OAuth
Overview

What is MCP OAuth Server?

MCP OAuth Server is a project that implements OAuth for a Streamable HTTP Server and Client using the device flow for authentication, so no browser-based PKCE flow is needed.

How to use MCP OAuth Server?

  1. Clone the repository and install dependencies using npm install.
  2. Create an OAuth app in GitHub Developer Settings, enabling Device Flow, and note the Client ID and Client Secret.
  3. Set the environment variables GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET.
  4. Start the MCP Server with npx tsx server/index_streamable.ts.
  5. In a different terminal, start the MCP Client with npx tsx client/client.ts.

Key features of MCP OAuth Server

  • Streamable HTTP Server and Client with OAuth support.
  • Device flow based OAuth implementation for enhanced security.
  • No need for browser-based PKCE flow.

Use cases of MCP OAuth Server

  1. Securely authenticate devices without a browser.
  2. Implement OAuth in headless applications.
  3. Facilitate server-to-server token exchanges securely.

FAQ about MCP OAuth Server

  • Can I use this server for any type of application?

Yes, it is designed for applications that require secure OAuth authentication without a browser.

  • Is there a need for PKCE in this implementation?

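No. The device flow has no browser redirect that returns an authorization code to the client, which is the exchange PKCE protects, so PKCE is not needed here, making the implementation simpler and more secure.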
