This MCP server provides a production-ready OAuth 2.1 authorization server with MCP-specific capabilities and an analytics dashboard. It supports the MCP authorization flow, including PKCE and refresh tokens, and exposes endpoints for discovery, token exchange, and resource indicators in accordance with the MCP specification. The server also includes a real-time analytics dashboard and security monitoring, accessible under the /analytics path. Clients can integrate via the MCP endpoints at /mcp/mcp and subscribe to server-sent events at /mcp/sse. Documentation and quick-start examples illustrate how to register clients dynamically, perform OAuth flows, and register MCP clients for seamless onboarding. For client integration, you can use the provided sample configurations to connect tools like Claude or Cursor by pointing them to the appropriate MCP endpoints and transport (SSE or HTTP-stream).

Prerequisites:

• Node.js (LTS version) and a package manager (pnpm recommended)
• PostgreSQL database
• Basic environment for OAuth (client credentials, redirect URIs) and an accessible domain for NEXTAUTH_URL

Steps:

1. Clone the repository: git clone https://github.com/raxITai/mcp-oauth-sample.git cd mcp-oauth-sample

2. Install dependencies: pnpm install

3. Copy and adjust environment variables: cp .env.example .env

   Edit .env and set DATABASE_URL, NEXTAUTH_URL, OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET, JWT_SECRET, etc.

4. Set up the database with Prisma: pnpm prisma generate pnpm prisma db push

5. Run the development server: pnpm dev

Notes:

• The server uses Next.js with MCP-specific enhancements. In production, you would run the built server via your hosting platform (Vercel, etc.), ensuring the environment variables are securely provided.
• The mcp_config sample uses a Node.js path to server.js; adjust if your build process uses a different entry point (e.g., starting with pnpm start in production).

Tips and common considerations:

• Ensure NEXTAUTH_URL and OAUTH redirect URIs match your deployed domain to avoid redirect failures.
• If you rotate client secrets or JWT keys, restart the server so new keys take effect.
• The analytics dashboard relies on real-time data; ensure Redis or any required in-memory store is available and properly configured.
• For local development, you can run Prisma locally and use a local PostgreSQL instance; for production, consider managed PostgreSQL and separate analytics data storage.
• The MCP endpoints include discovery at /.well-known/oauth-authorization-server and client-facing endpoints at /mcp/mcp and /mcp/sse. Use these in your client integrations.
• If you encounter CORS or authentication errors, verify NEXTAUTH_URL, allowed origins, and the OAuth client configuration in the provider settings.