MCP Auth Server Proxy for Firebase

A ready-to-deploy OAuth2 authentication server that integrates Firebase Authentication with the Model Context Protocol (MCP). This proxy server handles OAuth2 flows and provides secure authentication for MCP servers and clients.

🔥 What is this?

This is a complete OAuth2 authentication server that:

• 🔐 Handles OAuth2 flows for MCP clients (VS Code, Claude Desktop, etc.)
• 🔥 Uses Firebase Authentication as the backend identity provider
• 🚀 Ready to deploy with Docker or directly with Gradle
• 🎯 MCP-compatible with proper discovery endpoints and error handling
• ⚡ Easy to configure with just environment variables

🏗️ Architecture

graph TD
    A[MCP Client<br/>VS Code, Claude Desktop] --> B[Your MCP Server<br/>:8080]
    B --> C[MCP Auth Server Proxy<br/>:9000 - This Project]
    C --> D[Firebase Authentication<br/>Google's Service]
    
    style C fill:#f9f,stroke:#333,stroke-width:3px
    style C color:#000

• MCP Clients → Your MCP Server → This Auth Proxy → Firebase
• This proxy handles all OAuth2 complexity so your MCP server stays simple
• Firebase provides the actual user authentication and management

✨ Features

OAuth2 Compliance

• ✅ Authorization Code flow with PKCE
• ✅ Token exchange and refresh
• ✅ Client registration
• ✅ OAuth2 discovery endpoints
• ✅ Proper error handling with WWW-Authenticate headers

Firebase Integration

• ✅ Firebase ID token validation
• ✅ User profile extraction (email, name, picture)
• ✅ Service account authentication
• ✅ Secure token embedding in JWT claims

MCP Compatibility

• ✅ .well-known discovery endpoints
• ✅ Proper resource metadata responses
• ✅ MCP Inspector compatible
• ✅ CORS enabled for web clients

Production Ready

• ✅ Docker containerized
• ✅ Environment-based configuration
• ✅ Health check endpoints
• ✅ Comprehensive logging
• ✅ Professional UI templates

🚀 Quick Start

Prerequisites

• Firebase project with Authentication enabled
• Firebase service account key
• Java 17+ (if running locally) or Docker

1. Clone and Configure

git clone https://github.com/muthuishere/mcp-firebase-auth-server.git
cd mcp-firebase-auth-server

# Copy and edit environment file
cp .env.example .env
# Edit .env with your Firebase credentials

2. Deploy

# Option 1: Docker (Recommended)
docker-compose up -d

# Option 2: Local development
./gradlew bootRun

3. Verify

# Check OAuth2 discovery
curl http://localhost:9000/.well-known/oauth-authorization-server

# Visit the auth server
open http://localhost:9000

🎉 That's it! Your OAuth2 auth server is running on port 9000.

🛠️ Configuration

Environment Variables

| Variable | Description | Example | |----------|-------------|---------| | AUTH_SERVER_PORT | Port for the auth server | 9000 | | MCP_AUTH_SERVER_URL | Public URL of this server | http://localhost:9000 | | FIREBASE_PROJECT_ID | Your Firebase project ID | my-project-123 | | FIREBASE_API_KEY | Firebase web API key | AIzaSy... | | FIREBASE_SERVICE_ACCOUNT_KEY | Firebase service account JSON | {"type":"service_account",...} |

Firebase Setup

1. Create a Firebase project at Firebase Console
2. Enable Authentication with desired providers (Google, Email/Password, etc.)
3. Generate a service account key from Project Settings → Service Accounts
4. Get your web API key from Project Settings → General

📖 Available Endpoints

OAuth2 Endpoints

• GET /.well-known/oauth-authorization-server - OAuth2 server metadata
• GET /.well-known/openid-configuration - OpenID Connect discovery
• GET /oauth2/authorize - Authorization endpoint
• POST /oauth2/token - Token exchange endpoint
• POST /oauth2/refresh - Token refresh endpoint
• POST /oauth2/register - Dynamic client registration
• POST /oauth2/consent - User consent handling

Authentication Fl

... View full README on GitHub