MCP Server OAuth Toy
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@MCP Server OAuth Toywho am I?"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
MCP Server OAuth Toy
A simple MCP (Model Context Protocol) server with OAuth 2.0 authentication for testing the OAuth support in mcp-cli.
Features
Full OAuth 2.0 Authorization Code flow with PKCE
Dynamic client registration (RFC 7591)
In-memory session storage (for testing)
Browser-based authorization where users enter their name
Two tools:
whoami(returns authenticated user) andecho(echoes message with user name)
Related MCP server: SkyStage MCP Test Server
Quick Start
1. Start the Server (Docker)
# Clone the repository
git clone https://github.com/bvolpato/mcp-server-oauth-toy.git
cd mcp-server-oauth-toy
# Build and run with Docker
docker build -t mcp-server-oauth-toy .
docker run -p 8000:8000 mcp-server-oauth-toy2. Configure mcp-cli
Add to your ~/.config/mcp/mcp_servers.json:
{
"mcpServers": {
"oauth-toy": {
"url": "http://localhost:8000/mcp",
"oauth": true
}
}
}3. Test with mcp-cli
# Install mcp-cli (requires Bun)
bun install -g @philschmid/mcp-cli
# List available tools (will trigger OAuth flow on first run)
mcp-cli -c ~/.config/mcp/mcp_servers.json oauth-toy
# Call the whoami tool
mcp-cli -c ~/.config/mcp/mcp_servers.json oauth-toy/whoami '{}'
# Call the echo tool
mcp-cli -c ~/.config/mcp/mcp_servers.json oauth-toy/echo '{"message": "Hello!"}'OAuth Flow
When you first connect to the server:
mcp-cli detects the server requires OAuth (401 response)
mcp-cli discovers OAuth endpoints via
/.well-known/oauth-authorization-servermcp-cli registers as a client via
/register(dynamic registration)Your browser opens to the authorization page
You enter your name and click "Authorize"
mcp-cli receives the authorization code and exchanges it for tokens
Subsequent requests use the stored access token
Tools
whoami
Returns the name of the authenticated user.
mcp-cli -c ~/.config/mcp/mcp_servers.json oauth-toy/whoami '{}'
# Output: You are authenticated as: Aliceecho
Echoes back the provided message with the authenticated user's name.
mcp-cli -c ~/.config/mcp/mcp_servers.json oauth-toy/echo '{"message": "Hello!"}'
# Output: Alice says: Hello!Local Development
Using uv
# Install dependencies
uv sync
# Run the server
uv run python -m mcp_server_oauth_toyUsing Docker Compose
docker-compose upOAuth Endpoints
Endpoint | Description |
| OAuth 2.0 Authorization Server Metadata |
| Dynamic Client Registration |
| Authorization endpoint (shows login form) |
| Token endpoint |
MCP Endpoints
Endpoint | Description |
| MCP over Streamable HTTP |
| Health check |
Environment Variables
Variable | Default | Description |
|
| Server host |
|
| Server port |
|
| Public base URL |
| (none) | Redis URL for persistent storage (e.g., Upstash) |
| (none) | Alternative Redis URL (Vercel KV) |
Persistent Storage (for Serverless)
By default, the server uses in-memory storage which doesn't persist across serverless function invocations. For production use on Vercel, set up Redis:
Using Upstash (Recommended)
Create a free Redis database at upstash.com
Copy the
UPSTASH_REDIS_REST_URLAdd it as
REDIS_URLin your Vercel environment variables
Using Vercel KV
Add Vercel KV to your project from the Vercel dashboard
The
KV_URLenvironment variable is automatically set
Testing the PR
This server was created to test mcp-cli PR #18 which adds OAuth support.
To test the OAuth implementation:
Start this server locally
Use mcp-cli with the
oauth: trueconfigurationComplete the browser-based authorization
Verify the
whoamitool returns your name
Deploy to Vercel
Click the button above or import the repo at vercel.com/new
Select "Other" as the framework (Vercel auto-detects Python)
Deploy!
The BASE_URL is automatically set from VERCEL_URL.
Then update your mcp_servers.json:
{
"mcpServers": {
"oauth-toy": {
"url": "https://your-deployment.vercel.app/mcp",
"oauth": true
}
}
}License
MIT
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/bvolpato/mcp-server-oauth-toy'
If you have feedback or need assistance with the MCP directory API, please join our Discord server