Is Http Oauth Mcp Server safe to use?

Http Oauth Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Http Oauth Mcp Server?

Http Oauth Mcp Server can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with Http Oauth Mcp Server?

Http Oauth Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is Http Oauth Mcp Server actively maintained?

Http Oauth Mcp Server is not actively maintained — last commit was 376 days ago. It has 106 GitHub stars.

Http Oauth Mcp Server

Name: Http Oauth Mcp Server
Author: NapthaAI

by NapthaAI

Remote MCP server (SEE + Streamable HTTP) implementing the MCP spec's authorization extension. Use directly from your agents, or from Cursor / Claude with mcp-remote

106 0 tools GitHub

No known CVEs

MIT license

Stale

Last commit 376d ago

Works with most clients

Transport: stdio, sse, http

0 tools

Grade F

Edit this pageView history

Developer Tools Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "http-oauth-mcp-server": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/http-oauth-mcp-server)](https://mcppedia.org/s/http-oauth-mcp-server)

Read me

What Http Oauth Mcp Server does

This repo provides a reference implementation for creating a remote MCP server that supports the Streamable HTTP & SSE Transports, authorized with OAuth based on the MCP specification.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

28/100across 5 weighted dimensions

How we score →

0255075100

−72

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Http Oauth Mcp Server safe to use?: Http Oauth Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Http Oauth Mcp Server?: Http Oauth Mcp Server can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Http Oauth Mcp Server?: Http Oauth Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Http Oauth Mcp Server actively maintained?: Http Oauth Mcp Server is not actively maintained — last commit was 376 days ago. It has 106 GitHub stars.

Similar servers

Others in developer-tools / security

View all →

XcodeBuildMCP97

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

5.7k 2

XcodeBuildMCP97

XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.

5.7k 1

Supabase MCP Server97

Manage Supabase projects — databases, auth, storage, and edge functions

2.7k 4

Mcp Gitlab96

MCP server for using the GitLab API

1.5k 12

MCP Security Weekly

Get CVE alerts and security updates for Http Oauth Mcp Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Developer Tools Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "http-oauth-mcp-server": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/http-oauth-mcp-server)](https://mcppedia.org/s/http-oauth-mcp-server)

Read me

What Http Oauth Mcp Server does

This repo provides a reference implementation for creating a remote MCP server that supports the Streamable HTTP & SSE Transports, authorized with OAuth based on the MCP specification.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

🌊 HTTP + SSE MCP Server w/ OAuth

Introduction

This repo provides a reference implementation for creating a remote MCP server that supports the Streamable HTTP & SSE Transports, authorized with OAuth based on the MCP specification.

Note that the MCP server in this repo is logically separate from the application that handles the report SSE + HTTP transports, and from OAuth.

As a result, you can easily fork this repo, and plug in your own MCP server and OAuth credentials for a working SSE/HTTP + OAuth MCP server with your own functionality.

But, why?

Great question! The MCP specification added the authorization specification based on OAuth on March 25, 2025. At present, as of May 1, 2025:

The Typescript SDK contains many of the building blocks for accomplishing an OAuth-authorized MCP server with streamable HTTP, but there is no documentation or tutorial on how to build such a server
The Python SDK contains neither an implementation of the streamable HTTP transport, nor an implementation of the OAuth building blocks that are present in the typescript SDK
The Streamable HTTP transport is broadly unsupported by MCP host applications such as Cursor and Claude desktop, though it may be integrated directly into agents written in JavaScript using the JS/TS SDK's StreamableHttpClientTransport class

At Naptha AI, we really wanted to build an OAuth-authorized MCP server on the streamable HTTP transport, and couldn't find any reference implementations, so we decided to build one ourselves!

Dependencies

Bun, a fast all-in-one JavaScript runtime, is the recommended runtime and package manager for this repository. Limited compatibility testing has been done with npm + tsc.

Overview

This repository provides the following:

An MCP server, which you can easily replace with your own
An express.js application that manages both the SSE and Streamable HTTP transports and OAuth authorization.

This express application is what you plug your credentials and MCP server into.

Note that while this express app implements the required OAuth endpoints including /authorize and the Authorization Server Metadata endpoint (RFC8414), it does not implement an OAuth authorization server!

This example proxies OAuth to an upstream OAuth server which supports dynamic client registration (RFC7591). To use this example, you will need to bring your own authorization server. We recommend using Auth0; see the "Setting up OAuth" Section below.

Configuring your server

Notes on OAuth & Dynamic Client Registration

To use this example, you need an OAuth authorization server. Do not implement this yourself! For the purposes of creating our demo, we used Auth0 -- this is a great option, though there are many others.

The MCP specification requires support for an uncommon OAuth feature, specifically RFC7591, Dynamic Client Registration. The MCP specification specifies that MCP clients and servers should support the Dynamic client registration protocol, so that MCP clients (whever your client transport lives) can obtain Client IDs without user registration. This allows new clients (agents, apps, etc.) to automatically register with new servers. More details on this can be found in the authorization section of the MCP specification, but this means that unfortunately, you cannot simply proxy directly to a provider like Google or GitHub, which do not support dynamic client registration (they require you to register clients in th

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

28/100across 5 weighted dimensions

How we score →

0255075100

−72

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Http Oauth Mcp Server safe to use?: Http Oauth Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Http Oauth Mcp Server?: Http Oauth Mcp Server can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Http Oauth Mcp Server?: Http Oauth Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Http Oauth Mcp Server actively maintained?: Http Oauth Mcp Server is not actively maintained — last commit was 376 days ago. It has 106 GitHub stars.