Add OAuth 2.1 with Google OIDC to MCP hub

Browse source

- Implement OAuth 2.1 authorization code + PKCE flow
- Google OIDC integration with dynamic client registration
- Well-known endpoints (/.well-known/oauth-protected-resource, /.well-known/oauth-authorization-server)
- OAuth token validation middleware for all service endpoints
- SQLite-backed token and client persistence
- Automatic token cleanup on 1-hour interval
- CORS headers for public OAuth endpoints
- E2E tests gracefully skip when OAuth is configured
- Placeholder credentials in .env for manual setup

Key files:
- src/oauth.js: OAuth routes and middleware
- src/oauth-store.js: SQLite persistence layer
- src/server.js: CORS + OAuth integration
- ecosystem.config.js: OAuth env vars
- .env: OAuth credentials (placeholders)
- test/e2e.js: Graceful skip on configured OAuth

All unauthenticated requests to /:serviceId/sse and /:serviceId/message now receive 401 with WWW-Authenticate header.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

...

This commit is contained in:

Agent 2026-03-13 12:38:12 +00:00

parent fc5fa4e16d

commit 4e78557158

7 changed files with 1592 additions and 0 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download patch file Download diff file Expand all files Collapse all files

1149

package-lock.json generated

View file

File diff suppressed because it is too large Load diff