Provides an OAuth 2.1 gateway and transparent proxy to access GitHub's remote MCP server, enabling clients to authenticate and interact with GitHub Copilot's MCP resources through a unified auth surface.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@MCP OAuth Gatewaylist my recent GitHub pull requests"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
MCP OAuth Gateway
Quick Start
Prerequisites
Python 3.10+
uv (recommended) or pip
Create a GitHub OAuth App
Go to GitHub Developer Settings → OAuth Apps → New OAuth App
Set Authorization callback URL to
http://localhost:8002/upstream/callbackFill in any Application name and Homepage URL
Click Register application
Copy the Client ID and generate a Client Secret
Install & Run
# Clone and install
git clone https://github.com/abj453demo/mcp-oauth-gateway.git
cd mcp-oauth-gateway
uv venv && source .venv/bin/activate
uv pip install -e .
# Start the gateway (proxies to GitHub's remote MCP server)
mcp-oauth-gateway --port=8002 \
--upstream-rs=https://api.githubcopilot.com/mcp/ \
--upstream-client-id=<YOUR_GITHUB_CLIENT_ID> \
--upstream-client-secret=<YOUR_GITHUB_CLIENT_SECRET> \
--upstream-authorize-endpoint=https://github.com/login/oauth/authorize \
--upstream-token-endpoint=https://github.com/login/oauth/access_tokenReplace <YOUR_GITHUB_CLIENT_ID> and <YOUR_GITHUB_CLIENT_SECRET> with the values from your GitHub OAuth App.
The gateway will be available at http://localhost:8002. Point your MCP client at http://localhost:8002/mcp.
Gateway Credentials
When prompted at the gateway login screen (Screen 1):
Username:
gateway_userPassword:
gateway_pass
Configurable via MCP_GATEWAY_USERNAME and MCP_GATEWAY_PASSWORD environment variables.
After gateway login, you'll be redirected to GitHub for OAuth authorization (Screen 2).
Overview
The MCP OAuth Gateway is a transparent proxy that sits between an MCP client and an upstream MCP server. It implements its own OAuth 2.1 layer and chains it with the upstream's OAuth, so the client sees a single auth surface while two independent token sets are managed behind the scenes.
The gateway acts as both an Authorization Server (AS) and a Resource Server (RS) to the client. To the upstream, it acts as a regular OAuth client.
┌──────────┐ ┌─────────────────────┐ ┌─────────────────────────────┐
│ Client │──────▶│ Gateway (AS + RS) │──────▶│ GitHub OAuth + MCP Server │
│ (Cascade) │◀──────│ localhost:8002 │◀──────│ api.githubcopilot.com/mcp/ │
└──────────┘ └─────────────────────┘ └─────────────────────────────┘Client Registration
The gateway supports OAuth 2.0 Dynamic Client Registration (RFC 7591).
Client discovers the gateway via
GET /.well-known/oauth-protected-resource, which returns the gateway as both the resource and its own authorization server.Client fetches
GET /.well-known/oauth-authorization-serverto learn the gateway's OAuth endpoints (/authorize,/token,/register).Client calls
POST /registerwith its redirect URIs and grant types. The gateway stores the client in memory and returns aclient_idandclient_secret.
The gateway uses pre-configured credentials (--upstream-client-id / --upstream-client-secret) to authenticate with the upstream AS (e.g., a GitHub OAuth App). For upstreams that support it, dynamic registration is also available.
Two-Screen Auth Flow
The authorization flow chains two OAuth flows into one client-facing redirect sequence.
Client Gateway Upstream AS
│ │ │
├─ GET /authorize ─────────▶│ │
│ ├─ redirect to /login │
│◀──────────────────────────┤ (Screen 1: gateway creds)│
│ │ │
├─ POST /login/callback ───▶│ │
│ (gateway_user/pass) ├─ redirect to upstream ───▶│
│ │ /authorize (Screen 2) │
│◀──────────────────────────┤◀──────────────────────────┤
│ │ │
│ (user logs in upstream) │ │
│───────────────────────────┼──▶ upstream callback ────▶│
│ │◀── upstream code ─────────┤
│ │ │
│ ├─ exchange upstream code │
│ │ for upstream tokens ─────▶
│ │◀── upstream access_token ─┤
│ │ + refresh_token │
│ │ │
│◀─ redirect with gw code ──┤ │
│ │ │
├─ POST /token (gw code) ──▶│ │
│◀── concatenated tokens ───┤ │Step-by-step
Client →
GET /authorize— Gateway stores the client's redirect URI, PKCEcode_challenge, and state. Redirects to its own/loginpage.Screen 1: Gateway login — User enters gateway credentials. On success, the gateway generates a PKCE pair for the upstream and redirects the user to the upstream AS's
/authorize.Screen 2: Upstream login — User authenticates with the upstream. The upstream AS redirects back to the gateway's
/upstream/callbackwith an auth code.Gateway callback — The gateway exchanges the upstream auth code for upstream access + refresh tokens (using PKCE). It generates a gateway auth code, stashes the upstream tokens, and redirects back to the client's original
redirect_uriwith the gateway auth code.Client →
POST /token— Client exchanges the gateway auth code (with its own PKCE verifier). The gateway creates its own access + refresh tokens, pairs them with the upstream tokens, and returns concatenated tokens to the client.
Token Format
Tokens returned to the client are base64-encoded pairs:
access_token = base64url( gateway_access_token + ":" + upstream_access_token )
refresh_token = base64url( gateway_refresh_token + ":" + upstream_refresh_token )The client treats these as opaque strings. The gateway splits them on every request to validate the gateway half and forward the upstream half.
expires_in is set to min(gateway_ttl, upstream_ttl) so the client refreshes before either token expires.
MCP Proxying
On every POST /mcp request:
Extract the
Bearertoken from theAuthorizationheader.Look up the token record — validate the gateway access token (expiry, revocation).
Extract the upstream access token from the pair.
Forward the request to the upstream RS with
Authorization: Bearer <upstream_token>, passing throughContent-Type,Accept,Mcp-Session-Id, andMcp-Protocol-Versionheaders.Stream the upstream response (including SSE) back to the client.
GET (SSE streams) and DELETE (session teardown) are proxied similarly.
Token Refresh
The client only interacts with the gateway for refresh — it never contacts the upstream directly.
Client sends
POST /tokenwithgrant_type=refresh_tokenand the concatenated refresh token.Gateway splits the refresh token, validates the gateway half.
If a real upstream refresh token exists, the gateway calls the upstream AS's
/tokenwithgrant_type=refresh_token. If the upstream doesn't use refresh tokens (e.g., GitHub), the existing upstream access token is reused.Gateway revokes old tokens, creates new gateway + upstream pairs, and returns new concatenated tokens.
In-Memory State
All state is held in memory (no database). Key stores:
Store | Contents | Lifetime |
| Registered OAuth clients | Until restart |
| Gateway auth codes | Consumed on |
| Gateway-issued tokens | Until expiry or revocation |
| In-flight authorize flow state | Consumed on callback |
| Raw upstream token responses | Consumed on |
| Concatenated token → token pair records | Until expiry or revocation |
Configuration
Flag / Env Var | Purpose |
| Upstream MCP Resource Server URL (required) |
| Upstream AS URL (auto-discovered from RS if omitted) |
| Pre-configured upstream client ID (skips dynamic registration) |
| Pre-configured upstream client secret |
| Direct upstream authorize URL (skips |
| Direct upstream token URL (skips |
| Gateway login credentials (default: |
This server cannot be installed
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.