mcp-oauth
Installation
SKILL.md
OAuth 2.0 PKCE for MCP Servers
Add production-ready OAuth authentication to a remote MCP server. This implements the full MCP authorization spec — discovery, dynamic client registration, PKCE authorization, token exchange, and refresh.
When you need this
Your MCP server accesses user-specific data (their account, their files, their playlists). Without auth, anyone with your server URL could access anyone's data. OAuth lets each user authenticate with their own credentials and get their own token.
Architecture overview
Your MCP server plays two roles:
- OAuth server for MCP clients (Claude, Smithery) — issues your own tokens
- OAuth client to the upstream service (Tidal, GitHub, Slack, etc.) — exchanges for their tokens