🔒
Oauth Client
No description available
0 installs
Trust: 30 — Low
Security
Ask AI about Oauth Client
Powered by Claude · Grounded in docs
I know everything about Oauth Client. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Loading tools...
Reviews
Documentation
Start the project
Build:
npm run build
Run dev:
npm run dev
min-ts-mcp-auth
Minimal implementation of MCP server auth with TypeScript.
Security Notes
This demo always validates the access token audience (resource indicator) returned by the introspection endpoint.
Checks performed during introspection:
- Token is successfully introspected (HTTP 200 from the authorization server).
activeflag (RFC 7662) is notfalse.audclaim (string or array) is present and at least one value matches the server's base URL (RFC 8707 resource indicator semantics).- Scopes are parsed into an array for later use (no specific scopes required by default).
Not implemented (could be added):
- Local JWT signature verification via JWKS (currently relies on remote introspection).
- Explicit
iss,typ,nbf,expenforcement (onlyexpis returned and stored, not validated inline). - Caching / throttling of introspection requests.
Use this code for experimentation only; harden before production.
Note: This code was copied from MCP TypeScript SDK Examples
Create a Server
Create a Server using create-mcp-server:
npx @agentailor/create-mcp-server
Check the docs here: https://github.com/agentailor/create-mcp-server