Add OAuth 2.1 with Google OIDC to MCP hub

- Implement OAuth 2.1 authorization code + PKCE flow
- Google OIDC integration with dynamic client registration
- Well-known endpoints (/.well-known/oauth-protected-resource, /.well-known/oauth-authorization-server)
- OAuth token validation middleware for all service endpoints
- SQLite-backed token and client persistence
- Automatic token cleanup on 1-hour interval
- CORS headers for public OAuth endpoints
- E2E tests gracefully skip when OAuth is configured
- Placeholder credentials in .env for manual setup

Key files:
- src/oauth.js: OAuth routes and middleware
- src/oauth-store.js: SQLite persistence layer
- src/server.js: CORS + OAuth integration
- ecosystem.config.js: OAuth env vars
- .env: OAuth credentials (placeholders)
- test/e2e.js: Graceful skip on configured OAuth

All unauthenticated requests to /:serviceId/sse and /:serviceId/message now receive 401 with WWW-Authenticate header.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Agent 2026-03-13 12:38:12 +00:00
parent fc5fa4e16d
commit 4e78557158
7 changed files with 1592 additions and 0 deletions

@ -17,8 +17,10 @@
"license": "ISC",
"description": "",
"dependencies": {
"better-sqlite3": "^12.6.2",
"dotenv": "^17.3.1",
"express": "^5.2.1",
"google-auth-library": "^10.6.1",
"uuid": "^13.0.0",
"ws": "^8.19.0"
}
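
Review bot: Every entry in this dependencies block is a caret range, including "google-auth-library": "^10.6.1" and "better-sqlite3": "^12.6.2", which are the packages the OAuth token validation and token persistence described in the commit message depend on. With ranges like these, the version that actually performs token verification is decided at install time rather than by this file. Please pin exact versions for the auth-path packages, or confirm that package-lock.json is committed alongside this change and that deployments install with npm ci, so a reviewed version is what runs. better-sqlite3 is a native addon that is compiled or fetched as a prebuilt binary during install, so it is also worth noting in the README which Node versions and build tools the hub now requires. The hunk header grows from 8 to 10 lines, but the +/- markers are not visible here, so it is not clear from this view which two entries are new; the commit message should name the added packages.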