CTX7-884: OAuth Support for MCP #1176

fahreddinozcan · 2025-12-05T21:22:33Z

This PR adds OAuth 2.0 authentication support to the MCP server, enabling secure access control for MCP clients.

Changes

New OAuth-protected endpoint (/mcp/oauth) - Requires authentication via JWT tokens
JWT validation - Validates tokens against the authorization server's JWKS endpoint with caching (1 hour TTL)
OAuth Protected Resource Metadata - Implements RFC 9728 discovery endpoint at /.well-known/oauth-protected-resource
WWW-Authenticate header - Returns resource metadata URL to help clients discover the authorization server
Backward compatibility - The existing /mcp endpoint remains available for anonymous access

New Files

packages/mcp/src/lib/jwt.ts - JWT validation utilities using jose library

Configuration

AUTH_SERVER_URL - Authorization server URL (default: https://context7.com)
RESOURCE_URL - Resource server URL for metadata

…7-884

linear · 2025-12-05T21:22:36Z

CTX7-884 oauth for mcp

…7-884

packages/mcp/src/lib/api.ts

packages/mcp/src/lib/jwt.ts

packages/mcp/src/index.ts

packages/mcp/src/lib/jwt.ts

…TX7-884

fahreddinozcan added 4 commits December 3, 2025 10:56

docs plan

f09477f

oauth poc

41c79fe

Merge branch 'master' of https://github.com/upstash/context7 into CTX…

b10a1cb

…7-884

stash

e639e28

mintlify bot deployed to staging - docs December 5, 2025 21:23 View deployment

add jwt validation

21a8f8f

mintlify bot deployed to staging - docs December 5, 2025 21:30 View deployment

fahreddinozcan changed the title ~~Ctx7 884~~ CTX7-884: OAuth Support for MCP Dec 8, 2025

fahreddinozcan added 5 commits December 8, 2025 11:12

cleanup for review

e70d61d

ci: add changeset

eef2d53

feat: add audience

47a6275

feat: finalize jwt check and cleanup

14c7341

Merge branch 'master' of https://github.com/upstash/context7 into CTX…

7fdf7cd

…7-884

mintlify bot deployed to staging - docs January 5, 2026 13:25 View deployment

cleanup comments

b6778a0