mcp-analytics-github-oauth

This MCP server provides remote MCP connections with GitHub OAuth authentication and built-in analytics. It enables users to sign in with GitHub, gain access to tools such as a simple add tool and an image generation tool (for authorized users), and have their tool usage and session data tracked in MCP Analytics. To connect, you typically run or connect to the server via a client configuration (for example, Claude Desktop or an MCP client) that points to the server URL and uses the npx-based remote configuration. Once connected, users will authenticate with GitHub, and authorized users will be able to access the image generation capability. The analytics integration automatically collects tool usage, performance, and user metrics, which you can view in the MCP Analytics dashboard.

Prerequisites:

• Node.js and npm installed
• Wrangler installed and configured for Cloudflare Workers
• A Cloudflare account with Workers access
• An OAuth app on GitHub for production and a development app for local testing

Step 1: Clone the repo

git clone <your-repo-url>
cd mcp-github-oauth-analytics

Step 2: Install dependencies

npm install

Step 3: Configure secrets and environment

• Production secrets (via Wrangler):

wrangler secret put GITHUB_CLIENT_ID
wrangler secret put GITHUB_CLIENT_SECRET
wrangler secret put COOKIE_ENCRYPTION_KEY  # recommended: openssl rand -hex 32

• Local development variables (in .dev.vars or environment):

GITHUB_CLIENT_ID=your_development_github_client_id
GITHUB_CLIENT_SECRET=your_development_github_client_secret
COOKIE_ENCRYPTION_KEY=your_random_encryption_key
MCP_ANALYTICS_API_KEY=your_analytics_api_key

Step 4: Set up KV namespace (for OAuth state storage)

wrangler kv:namespace create "OAUTH_KV"

Update wrangler.toml with the returned KV ID as indicated in the logs.

Step 5: Deploy

wrangler deploy

Local development start

wrangler dev

Your MCP server will be available at the configured URL plus /sse, e.g. https://your-worker-name.your-subdomain.workers.dev/sse

Tips and common issues:

• Ensure your GitHub OAuth app URLs exactly match your deployment URLs in production; misconfiguration here is a common cause of OAuth callback failures.
• Set ALLOWED_USERNAMES in the server code to control who can access the image generation tool; unauthorized users will be blocked from that feature.
• If analytics show an invalid API key, double-check MCP_ANALYTICS_API_KEY and ensure it is correctly set in production secrets or local dev env vars.
• For local development, use the development GitHub OAuth app with http://localhost:8788 URLs and populate .dev.vars with the corresponding IDs/secrets.
• Remember to keep the COOKIE_ENCRYPTION_KEY secret and rotate keys as needed; do not expose it publicly.
• When using Claude Desktop or other MCP clients, point them to https://your-worker-name.your-subdomain.workers.dev/sse and use the provided example configuration structure.
• Access control is enforced via ALLOWED_USERNAMES; add or remove usernames to grant or revoke access to restricted tools like generateImage.