OAuth MCP Server
A complete OAuth 2.1 server implementation for FastMCP with PKCE support.
⚠️ Security Warning
This is an advanced authentication pattern. Building a secure OAuth server requires deep expertise in authentication protocols, cryptography, and security best practices. The FastMCP documentation strongly recommends using Remote OAuth or OAuth Proxy instead unless you have compelling requirements.
See OAUTH_README.md for complete documentation.
Quick Start
Installation
# Install dependencies
uv sync
Run the Server
python main.py
The server will start on http://localhost:8000 with a demo OAuth client registered.
Test the OAuth Flow
In a separate terminal:
python oauth_client_example.py
This will demonstrate the complete OAuth 2.1 flow including:
PKCE challenge/verifier generation
Authorization code exchange
Access token usage
Token refresh
Test Dynamic Client Registration
Register new OAuth clients dynamically at runtime:
python test_dcr.py
Or use curl:
curl -X POST http://localhost:8000/oauth/register \
  -H "Content-Type: application/json" \
  -d '{
    "redirect_uris": ["http://localhost:5000/callback"],
    "client_name": "My App",
    "scope": "read write"
  }'
The server will respond with a client_id and client_secret that you can use immediately.
Test New OAuth Endpoints
Test all the new OAuth 2.0/2.1 endpoints:
python test_new_endpoints.py
This tests:
OAuth Authorization Server Metadata discovery
Token revocation (RFC 7009)
Token introspection (RFC 7662)
UserInfo endpoint
Demo Credentials
OAuth Client:
Client ID: demo_client
Client Secret: demo_secret
Demo User:
Username: demo_user
Password: demo_password
Project Structure
oauth_mcp/
├── main.py # FastMCP server with OAuth
├── oauth_provider.py # OAuth 2.1 server implementation
├── oauth_client_example.py # Complete OAuth flow demo
├── test_dcr.py # Dynamic Client Registration test
├── test_new_endpoints.py # Tests for all new OAuth endpoints
├── client.py # Original simple client (no auth)
├── OAUTH_README.md # Complete documentation
└── README.md # This file
Features
✅ Full OAuth 2.1 implementation
✅ PKCE (Proof Key for Code Exchange)
✅ Authorization code flow
✅ Token refresh with rotation
✅ Token revocation (RFC 7009)
✅ Token introspection (RFC 7662)
✅ Scope validation
✅ State parameter for CSRF protection
✅ Dynamic Client Registration (DCR) - RFC 7591
✅ OAuth Authorization Server Metadata (RFC 8414)
✅ OAuth Protected Resource Metadata (RFC 9470)
✅ UserInfo endpoint for user profile
Documentation
See OAUTH_README.md for:
Detailed architecture
Security considerations
Production deployment guide
Database schema
Testing strategies
Troubleshooting
References
License
Copyright Anysphere Inc.