Building Supabase-Like OAuth Authentication for MCP Servers
6 days ago
- #Authentication
- #OAuth2
- #MCP
- Hypr MCP built an MCP Server Gateway to add OAuth2 authentication to MCP servers without code changes.
- MCP specification requires OAuth2, ASM, DCR, and PRS extensions, but many IdPs lack full support.
- Key challenges include incompatible OIDC vs. OAuth2 ASM and sparse DCR support in existing IdPs.
- Hypr's solution uses Dex as an IdP with custom GRPC implementations for missing features.
- The gateway includes a reverse proxy, CORS support, OAuth2 middleware, PRS endpoint, and ASM proxying.
- Dynamic Client Registration (DCR) was added via Dex's GRPC API for on-demand client creation.
- Testing was done with 'MCP, Who am I?' server to validate authentication workflows.
- Undocumented client behaviors and client persistence issues were encountered and addressed.
- Hypr MCP Gateway is open-source and implements all discussed features for easy adoption.