mcp-weather-oauth2-server
by akshay12390
This sample demonstrates how to secure an MCP server using OAuth2, as per the MCP specification. It provides a basic implementation for issuing and validating OAuth2 tokens.
View on GitHub
Last updated: N/A
MCP with OAuth
This sample demonstrates how to secure an MCP server using OAuth2, as per the MCP specification.
Getting started
Run the project with:
./mvnw spring-boot:run
Obtain a token by calling the /oauth2/token endpoint:
curl -XPOST "http://localhost:8080/oauth2/token" \
--data grant_type=client_credentials \
--user "oidc-client:secret"
# And copy-paste the access token
# Or use JQ:
curl -XPOST "http://localhost:8080/oauth2/token" \
--data grant_type=client_credentials \
--user "oidc-client:secret" | jq -r ".access_token"
Store that token, and then boot up the MCP inspector:
npx @modelcontextprotocol/[email protected]
In the MCP inspector, paste your token. Click connect, and voilà!
MCP inspector
Note that the token is only valid for 5 minutes
Implementation considerations
Dependencies
In Spring, OAuth2 Support for MCP server means adding:
- Spring Security (infrastructure for security)
- Spring Authorization Server (issuing tokens)
- Spring Security: OAuth2 Resource Server ( authentication using tokens)
Note that Spring Auth Server does not support the reactive stack, so issuing tokens only works in Servlet.