-
securityA
license-
qualityAn MCP server that exposes HTTP methods defined in an OpenAPI specification as tools, enabling interaction with APIs via the Model Context Protocol.
Last updated -
8
MIT License
Provides a database adapter for storing OAuth entities in Drizzle ORM, including schema definitions for clients, authorization codes, and tokens.
Offers an adapter for integrating with Express applications, allowing the OAuth server to be used as Express middleware.
Provides an adapter for Next.js applications with route handlers and configuration for OAuth endpoints, including rewrites for .well-known endpoints.
Enables integration with OpenAI's ChatGPT via the MCP protocol, allowing authentication and authorization for ChatGPT to access tools and resources.
Offers a database adapter for storing OAuth entities in Prisma, including model definitions for clients, authorization codes, and tokens.
@mcpauth/auth
A full-featured, self-hostable OAuth 2.0 server designed for the Modern AI-era and the
@mcpauth/auth empowers you to secure your MCP applications with a robust and flexible OAuth 2.0 implementation that you control.
Live Demo
Check out the live demo of @mcpauth/auth in action, deployed on Vercel:
https://mcpauth-nextjs.vercel.app/
The source code for this demo is available in the apps/nextjs directory of this repository.
For more live examples, see the Examples page in the documentation.
Docs
The documentation for @mcpauth/auth is available at https://mcpauth-docs.vercel.app/.
Why @mcpauth/auth?
Own Your Data and Your Authentication
With @mcpauth/auth, you host the server, you own the data. No separate authorization server. No vendor lock-in.
Required for Modern MCP Clients
Major MCP clients like OpenAI's ChatGPT require OAuth 2.0 for authenticating users and authorizing access to tools and resources. @mcpauth/auth provides the compliant, secure server you need to integrate with these modern clients.
Seamlessly Integrate Your Existing Auth
The biggest challenge with adopting a new authentication system is integrating it with your existing user management. @mcpauth/auth solves this with a single, powerful function: authenticateUser.
This function allows you to plug in any existing authentication logic. Whether your users are authenticated via a session cookie, a bearer token, or an external system, you can validate them and link them to the OAuth flow with just a few lines of code.
For example, if you're using @auth/express for session management, your implementation is as simple as this:
authenticateUser: async (request: Request) => {
// Grab the user's existing session from a cookie
const session = await getSession(request, authConfig);
// Return the user object if they are authenticated, or null if not
return (session?.user as OAuthUser) ?? null;
},
This flexibility means you can add a compliant MCP OAuth layer to your application without rebuilding your entire authentication stack.
Compatibility
@mcpauth/auth is designed to be adaptable to your existing stack. Here's a summary of our currently supported frameworks and database stores:
Type | Supported | Notes |
Framework | Next.js , Express | Adapters provide seamless integration with popular Node.js frameworks. |
Database | Prisma , Drizzle | Stores handle all the database interactions for OAuth entities. |
Don't see your preferred framework or database? Request a new adapter or store by opening an issue on GitHub.
Note for ChatGPT Deep Research Connectors
ChatGPT's Deep Research Custom Connector is a new feature that allows you to use OpenAI's ChatGPT with your own data. It's a great way to get started with MCP, and requires an OAuth 2.0 server to authenticate users and authorize access to tools and resources.
@mcpauth/auth provides the compliant, secure server you need to integrate with ChatGPT's Deep Research Custom Connector.
There are a few issues with ChatGPT's Custom Connectors (across all MCP servers). They have been actively fixing many of these issues, but some remain. For example, after adding a new custom connector, you'll frequently get a "This connector does not implement our schema" error. This is a known issue, and refreshing your page often fixes it.
Contributing
We're open to all community contributions!
License
ISC
This server cannot be installed
Related Resources
Related MCP Servers
Pipedreamofficial
-security-license-qualityRun your own MCP server for over 2,500 apps and APIs. * Run your own MCP server for over 2,500 APIs * Manage servers for your users, in your own app. * Connect accounts, configure params, and make API requests, all via tools * Fully-managed OAuth and credential storage )Last updated -19810,813- -securityAlicense-qualityA reference implementation for creating an MCP server supporting Streamable HTTP & SSE Transports with OAuth authorization, allowing developers to build OAuth-authorized MCP servers with minimal configuration.Last updated -97MIT License
- -securityFlicense-qualityAn MCP server that enables authentication and authorization with Google's OAuth2 API, allowing users to securely authenticate and access Google services through natural language interactions.Last updated -