MCP Credentials Broker
Enables OAuth2 authentication for GitHub, allowing agents to access GitHub APIs without hardcoded tokens.
Enables OAuth2 authentication for Google, allowing agents to access Google APIs without hardcoded tokens.
Enables OAuth2 authentication for Okta, allowing agents to access Okta APIs without hardcoded tokens.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@MCP Credentials Brokerget me a GitHub token"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
MCP Credentials Broker
A secure credential management layer for Model Context Protocol (MCP) servers. Authenticate providers via browser — no hardcoded API keys, no tokens pasted into chat.
Why Use This?
If you're building MCP servers that need to access external APIs (GitHub, Google, Azure, etc.), you've probably hardcoded API keys in environment variables or pasted tokens into chat. This broker solves that by:
Authenticating providers via browser OAuth2 — you just log in, the broker handles the rest
Issuing short-lived references instead of exposing raw tokens to the agent
Centralizing credential management across all MCP servers in a single session
Related MCP server: AuthMCP Gateway
How It Works
You say: "List my GitHub repos"
Agent:
1. Checks if github-token is already stored
2. If not → triggers browser OAuth flow → you log in → token stored
3. Gets a short-lived reference to the token
4. Resolves the reference to the actual value (never shown to you)
5. Passes the token to your GitHub MCP toolThe agent handles all of this automatically via the included rules file — you never paste a token.
Installation
npm install @ars-system/mcp-credentials-brokerOr clone and build from source:
git clone https://github.com/ars-system/mcp-credentials-broker.git
cd mcp-credentials-broker
npm install
npm run buildConfiguration
Step 1 — Get provider credentials (one-time)
The broker needs a client_id and client_secret for each provider you want to use. These are set once as environment variables — the agent never sees or asks for them.
GitHub
Click OAuth Apps → New OAuth App
Fill in:
Application name:
MCP Credentials Broker(or anything)Homepage URL:
http://localhostAuthorization callback URL:
http://localhost:9876/oauth/callback
Click Register application
Copy the Client ID
Click Generate a new client secret and copy it
GITHUB_CLIENT_ID=your-client-id
GITHUB_CLIENT_SECRET=your-client-secretClick Create Credentials → OAuth client ID
Application type: Web application
Add to Authorized redirect URIs:
http://localhost:9876/oauth/callbackCopy the Client ID and Client Secret
GCP_CLIENT_ID=your-client-id
GCP_CLIENT_SECRET=your-client-secretAzure
Go to portal.azure.com → Azure Active Directory → App registrations
Click New registration
Name it anything, select Accounts in any organizational directory and personal Microsoft accounts
Set redirect URI to:
http://localhost:9876/oauth/callback(type: Web)After creation, go to Certificates & secrets → New client secret
Copy the Application (client) ID and the secret value
AZURE_CLIENT_ID=your-client-id
AZURE_CLIENT_SECRET=your-client-secretOkta
Go to your Okta Admin Console → Applications → Create App Integration
Select OIDC - OpenID Connect → Web Application
Add
http://localhost:9876/oauth/callbackto Sign-in redirect URIsCopy the Client ID and Client Secret
Also set your Okta domain:
OKTA_CLIENT_ID=your-client-id
OKTA_CLIENT_SECRET=your-client-secret
OKTA_DOMAIN=your-org.okta.comStep 2 — Configure your MCP client
Add the broker alongside your other MCP servers. Pass the provider env vars in the env block:
{
"mcpServers": {
"credentials-broker": {
"command": "node",
"args": ["/path/to/mcp-credentials-broker/dist/index.js"],
"env": {
"GITHUB_CLIENT_ID": "your-github-client-id",
"GITHUB_CLIENT_SECRET": "your-github-client-secret",
"GCP_CLIENT_ID": "your-gcp-client-id",
"GCP_CLIENT_SECRET": "your-gcp-client-secret"
}
},
"your-github-mcp": {
"command": "node",
"args": ["/path/to/your-github-mcp/dist/index.js"]
}
}
}Only configure the providers you actually use. You don't need all of them.
Step 3 — Add the agent rules (for Amazon Q / Claude / Cursor)
Add the following rules to your agent configuration (e.g., in .amazonq/rules/credentials-broker.md or your agent's custom rules file). These rules ensure the agent always uses the broker automatically and never asks you for tokens.
Copy the entire section below:
# Credentials Broker — Agent Rules
You have access to a `credentials-broker` MCP server. Follow these rules strictly.
## Rule 1 — Never ask the user for API tokens, passwords, or secrets
If a task requires a token (GitHub, Google, Azure, AWS, etc.), use the broker to obtain it.
Never ask the user to paste a token into the chat.
## Rule 2 — Check if a token is already stored before authenticating
Before triggering an OAuth flow, always check if the token already exists:get_secret(name: "-token", purpose: "check")
If it succeeds, use that reference. Only call `start_oauth_flow` if the secret is missing or expired.
## Rule 3 — OAuth flow requires no credentials from the user
Call `start_oauth_flow` with only `provider`, `scopes`, and `secret_name`.
The broker reads `client_id` and `client_secret` from its own environment — you must NOT ask the user for these.
start_oauth_flow( provider: "github", scopes: ["repo", "read:user"], secret_name: "github-token" )
Tell the user: "A browser window will open for you to log in. Come back here once done."
## Rule 4 — Standard token retrieval pattern
Every time you need a token to pass to another MCP tool, follow this exact sequence:
**Step 1** — Get a short-lived reference:get_secret(name: "github-token", purpose: "<what you're doing>", ttl_seconds: 3600) → returns { reference: { id: "ref-uuid" } }
**Step 2** — Resolve the reference to the actual value:resolve_secret(reference_id: "ref-uuid") → returns { value: "gho_actualtoken..." }
**Step 3** — Pass `value` to the target MCP tool's token/auth parameter.
## Rule 5 — Never log or display raw token values
After calling `resolve_secret`, use the value directly in the next tool call.
Do not print it, summarize it, or include it in any response to the user.
## Rule 6 — Naming convention for stored secrets
Use consistent names so tokens can be reused across tool calls in the same session:
| Provider | secret_name |
|----------|--------------------|
| GitHub | `github-token` |
| Google | `google-token` |
| Azure | `azure-token` |
| Okta | `okta-token` |
| Custom | `<service>-token` |
## Rule 7 — Provider configuration errors
If `start_oauth_flow` fails with "not configured", tell the user:
> "The broker needs `<PROVIDER>_CLIENT_ID` and `<PROVIDER>_CLIENT_SECRET` set as environment variables where the broker is running. These are set once by you — I won't ask for them again."
## Summary flow
Need a token? └─ get_secret("github-token") → exists? → resolve_secret → use it → missing? → start_oauth_flow → get_secret → resolve_secret → use it
Available Tools
start_oauth_flow
Opens the browser for you to log in. Stores the resulting token under secret_name. No credentials needed from you — the broker reads client_id and client_secret from its environment.
Parameter | Required | Description |
| yes |
|
| yes | List of OAuth2 scopes to request |
| yes | Name to store the token under |
| no | Custom auth URL (only for |
| no | Custom token URL (only for |
{
"provider": "github",
"scopes": ["repo", "read:user"],
"secret_name": "github-token"
}get_secret
Issues a short-lived reference to a stored secret. Returns a reference ID, not the raw value.
Parameter | Required | Description |
| yes | Name of the stored secret |
| yes | Why you're requesting it (for audit) |
| no | How long the reference is valid (default: 3600) |
{
"name": "github-token",
"purpose": "listing repositories",
"ttl_seconds": 3600
}Response:
{
"reference": {
"id": "ref-uuid",
"name": "github-token",
"expiresIn": 3600
}
}resolve_secret
Resolves a reference ID to the actual token value. Used by the agent immediately before passing the token to another MCP tool.
Parameter | Required | Description |
| yes | The |
{ "reference_id": "ref-uuid" }Response:
{ "value": "gho_actualtoken..." }store_secret
Manually store a secret (e.g. a static API key). Use get_secret + resolve_secret to retrieve it later.
Parameter | Required | Description |
| yes | Identifier for the secret |
| yes | The secret value |
| no | Key-value tags for organization |
mint_token
Generates a short-lived JWT-based token scoped to a provider. Useful when you want a broker-issued token rather than a raw OAuth token.
Parameter | Required | Description |
| yes |
|
| yes | List of scopes/permissions |
| no | Resource identifier |
| no | Token lifetime (default: provider default) |
revoke_token
Immediately invalidates a minted token.
Parameter | Required | Description |
| yes | ID of the token to revoke |
get_broker_stats
Returns counts of active tokens, active references, and stored secrets.
End-to-End Example
You: "Create a GitHub issue in my repo"
Agent: 1. get_secret("github-token") → not found
2. start_oauth_flow( → browser opens
provider: "github",
scopes: ["repo"],
secret_name: "github-token"
) → you log in → token stored
3. get_secret("github-token", → { id: "ref-abc" }
purpose: "create issue")
4. resolve_secret("ref-abc") → { value: "gho_..." } ← never shown to you
5. github-mcp/create_issue( → issue created ✓
token: "gho_...",
title: "..."
)Provider TTL Limits
Provider | Default TTL | Max TTL |
GitHub | 1 hour | 8 hours |
AWS | 1 hour | 12 hours |
GCP | 1 hour | 12 hours |
Azure | 1 hour | 12 hours |
Okta | 1 hour | 12 hours |
OAuth2 (generic) | 1 hour | 24 hours |
Architecture
┌──────────────────────────────────────────────────────┐
│ MCP Credentials Broker │
├──────────────────────────────────────────────────────┤
│ │
│ ┌─────────────────────────────────────────────┐ │
│ │ OAuth Web Flow │ │
│ │ - Spins up local HTTP server on :9876 │ │
│ │ - Opens browser to provider auth URL │ │
│ │ - Receives callback with auth code │ │
│ │ - Exchanges code for access token │ │
│ └─────────────────────────────────────────────┘ │
│ │
│ ┌─────────────────────────────────────────────┐ │
│ │ Credentials Manager │ │
│ │ - In-memory secret storage │ │
│ │ - Short-lived reference issuance │ │
│ │ - Token lifecycle & auto-expiry │ │
│ │ - Provider config from env vars │ │
│ └─────────────────────────────────────────────┘ │
│ │
│ ┌─────────────────────────────────────────────┐ │
│ │ MCP Server Interface │ │
│ │ - Tool definitions & request handling │ │
│ └─────────────────────────────────────────────┘ │
│ │
└──────────────────────────────────────────────────────┘Security Notes
Tokens are stored in memory only — they are lost when the broker process restarts
Raw token values are never returned by
get_secret— only reference IDsThe agent rule file instructs the agent to never display resolved token values
Set
JWT_SECRETenv var in production to sign broker-issued tokens securelyThe OAuth callback server only runs during an active
start_oauth_flowcall, then shuts down
Development
npm run watch # TypeScript watch mode
npm run build # Build
npm run dev # Build + run
npm run lint # LintContributing
Contributions welcome! Please follow existing TypeScript patterns and maintain proper type definitions.
License
MIT — see LICENSE file for details
Resources
Built by @ars-system • Report Issues
This server cannot be installed
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/ars-system/mcp-credentials-broker'
If you have feedback or need assistance with the MCP directory API, please join our Discord server