mcpserver.so LogoMCPFly
Submit
ozzynet-mcp-server logo

ozzynet-mcp-server

by BarDweller

AI/InfrastructureOAuth2GitHubAuthenticationQuarkusOIDCJBang

This is a prototype MCP server that limits tool access based on internal state, requiring user authentication via an external URL. It uses Quarkus OIDC to authenticate via GitHub and stores the GitHub access token for the user's session.

View on GitHub

Last updated: N/A

Simple MCP Server with upstream auth via local rest endpoint

This is a prototype where an MCP server offers tools, but limits their access based on internal state, requiring the user to authenticate via an external url.

In this case, the external url is wrappered with quarkus oidc, requiring authentication via github

The resulting access token for github is then stored within the mcp for the sessionid used by the user

Note: you must edit application.properties to add your client-id and secret for your GitHub OAuth app.

Requirements

  • JBang
  • OAuth2 App with GitHub
  • MCP Client like claude

Creating an OAuth2 App with GitHub

Navigate to https://github.com/settings/developers

Select OAuth Apps from the left nav

Click 'New OAuth App'

Give it a name, and set the callback url to be http://127.0.0.1:8080/auth

Copy the client ID to application.properties Click 'generate a new client secret' and copy the secret to application.properties

Update claude desktop config json...

For windows...

{
    "mcpServers": {
        "ozzynet": {
            "command": "cmd",
            "args": [
                "/c",
                "C:\\Users\\YOURUSERNAME\\.jbang\\bin\\jbang.cmd",
                "--quiet",
                "org.ozzy:stiletto:1.0.0-SNAPSHOT:runner" ]
        }
    }
}

For mac...

{
    "mcpServers": {
        "ozzynet": {
            "command": "jbang",
            "args": [
                "--quiet",
                "org.ozzy:stiletto:1.0.0-SNAPSHOT:runner" ]
        }
    }
}

Testing..

Ask claude to list the issues for a repository ..

eg, list the issues for quarkusio's quarkus repo

Claude will ask permission to invoke the getSessionId tool Claude will then invoke the listIssues tool, and report it cannot use it, because you need to be authenticated, and will offer you a link of the form http://127.0.0.1/auth?sessionId=<UUID> .. when you click that, you will be redirected to github, to authorize via the OAuthApp you created. When auth is complete, you can return to claude, and retry the list operation =)