renamed to proxy-oauth

Signed-off-by: Jesse Sanford <108698+jessesanford@users.noreply.github.com>

Author: jessesanford

examples/servers/proxy-auth/README.md

@@ -0,0 +1,95 @@
+# OAuth Proxy Server
+
+This is a minimal OAuth proxy server example for the MCP Python SDK that demonstrates how to create a transparent OAuth proxy for existing OAuth providers.
+
+## Installation
+
+```bash
+# Navigate to the proxy-auth directory
+cd examples/servers/proxy-auth
+
+# Install the package in development mode
+uv add -e .
+```
+
+## Configuration
+
+The servers can be configured using either:
+
+1. **Command-line arguments** (take precedence when provided)
+2. **Environment variables** (loaded from `.env` file when present)
+
+Example `.env` file:
+```
+# Auth Server Configuration
+AUTH_SERVER_HOST=localhost
+AUTH_SERVER_PORT=9000
+AUTH_SERVER_URL=http://localhost:9000
+
+# Resource Server Configuration
+RESOURCE_SERVER_HOST=localhost
+RESOURCE_SERVER_PORT=8001
+RESOURCE_SERVER_URL=http://localhost:8001
+
+# Combo Server Configuration
+COMBO_SERVER_HOST=localhost
+COMBO_SERVER_PORT=8000
+
+# OAuth Provider Configuration
+UPSTREAM_AUTHORIZE=https://github.com/login/oauth/authorize
+UPSTREAM_TOKEN=https://github.com/login/oauth/access_token
+CLIENT_ID=your-client-id
+CLIENT_SECRET=your-client-secret
+DEFAULT_SCOPE=openid
+```
+
+## Running the Servers
+
+The example consists of three server components that can be run using the project scripts defined in pyproject.toml:
+
+### Step 1: Start Authorization Server
+
+```bash
+# Start Authorization Server on port 9000
+uv run mcp-proxy-auth-as --port=9000
+
+# Or rely on environment variables from .env file
+uv run mcp-proxy-auth-as
+```
+
+**What it provides:**
+- OAuth 2.0 flows (authorization, token exchange)
+- Token introspection endpoint for Resource Servers (`/introspect`)
+- Client registration endpoint (`/register`)
+
+### Step 2: Start Resource Server (MCP Server)
+
+```bash
+# In another terminal, start Resource Server on port 8001
+uv run mcp-proxy-auth-rs --port=8001 --auth-server=http://localhost:9000 --transport=streamable-http
+
+# Or rely on environment variables from .env file
+uv run mcp-proxy-auth-rs
+```
+
+### Step 3: Alternatively, Run Combined Server
+
+For simpler testing, you can run a combined proxy server that handles both authentication and resource access:
+
+```bash
+# Run the combined proxy server on port 8000
+uv run mcp-proxy-auth-combo --port=8000 --transport=streamable-http
+
+# Or rely on environment variables from .env file
+uv run mcp-proxy-auth-combo
+```
+
+## How It Works
+
+The proxy OAuth server acts as a transparent proxy between:
+1. Client applications requesting OAuth tokens
+2. Upstream OAuth providers (like GitHub, Google, etc.)
+
+This allows MCP servers to leverage existing OAuth providers without implementing their own authentication systems.
+
+The server code is organized in the `proxy_auth` package for better modularity.

examples/servers/proxy-auth/proxy_auth/__init__.py

@@ -3,6 +3,7 @@
 __version__ = "0.1.0"
 
 # Import key components for easier access
+<<<<<<< HEAD
 from .auth_server import auth_server as auth_server
 from .auth_server import main as auth_server_main
 from .combo_server import combo_server as combo_server
@@ -15,6 +16,20 @@
     "auth_server",
     "resource_server",
     "combo_server",
+=======
+from .auth_server import main as auth_server_main
+from .auth_server import run_server as run_auth_server
+from .combo_server import main as combo_server_main
+from .combo_server import mcp as proxy_server
+from .resource_server import main as resource_server_main
+from .resource_server import mcp as resource_server
+from .token_verifier import IntrospectionTokenVerifier
+
+__all__ = [
+    "run_auth_server",
+    "resource_server",
+    "proxy_server",
+>>>>>>> 37d81fe (renamed to proxy-oauth)
     "IntrospectionTokenVerifier",
     "auth_server_main",
     "resource_server_main",

examples/servers/proxy-auth/proxy_auth/__main__.py

@@ -0,0 +1,7 @@
+"""Main entry point for Combo Proxy OAuth Resource+Auth MCP server."""
+
+import sys
+
+from .combo_server import main
+
+sys.exit(main())  # type: ignore[call-arg]

…s/servers/proxy_oauth/resource_server.py …proxy-auth/proxy_auth/resource_server.pyexamples/servers/proxy_oauth/resource_server.py renamed to examples/servers/proxy-auth/proxy_auth/resource_server.py examples/servers/proxy_oauth/resource_server.py renamed to examples/servers/proxy-auth/proxy_auth/resource_server.py

@@ -1,4 +1,5 @@
 # pyright: reportMissingImports=false
+import argparse
 import base64
 import json
 import logging
@@ -321,5 +322,95 @@ def main():
     resource_server.run(transport=args.transport)
 
 
+def create_resource_server(
+    host: str = RESOURCE_SERVER_HOST,
+    port: int = RESOURCE_SERVER_PORT,
+    auth_server_url: str = AUTH_SERVER_URL,
+    validate_resource: bool = False,
+) -> FastMCP:
+    """Create a resource server instance with the given configuration."""
+    resource_server_url = f"http://{host}:{port}"
+
+    # Create token verifier that uses the auth server's introspection endpoint
+    token_verifier = IntrospectionTokenVerifier(
+        introspection_endpoint=f"{auth_server_url}/introspect",
+        server_url=resource_server_url,
+        validate_resource=validate_resource,
+    )
+
+    # Create FastMCP resource server instance
+    server = FastMCP(
+        name="MCP Resource Server",
+        host=host,
+        port=port,
+        auth=AuthSettings(
+            issuer_url=AnyHttpUrl(auth_server_url),
+            resource_server_url=AnyHttpUrl(resource_server_url),
+            required_scopes=["openid"],
+        ),
+        token_verifier=token_verifier,
+    )
+
+    # Add tools
+    @server.tool()
+    def echo(message: str) -> str:
+        return f"Echo: {message}"
+
+    # Add other tools...
+
+    return server
+
+
+def main():
+    """Command-line entry point for the Resource Server."""
+    parser = argparse.ArgumentParser(description="MCP OAuth Proxy Resource Server")
+    parser.add_argument(
+        "--host",
+        default=None,
+        help="Host to bind to (overrides RESOURCE_SERVER_HOST env var)",
+    )
+    parser.add_argument(
+        "--port",
+        type=int,
+        default=None,
+        help="Port to bind to (overrides RESOURCE_SERVER_PORT env var)",
+    )
+    parser.add_argument(
+        "--auth-server",
+        default=None,
+        help="URL of the authorization server (overrides AUTH_SERVER_URL env var)",
+    )
+    parser.add_argument(
+        "--oauth-strict",
+        action="store_true",
+        help="Enable strict RFC 8707 resource validation",
+    )
+    parser.add_argument(
+        "--transport",
+        default="streamable-http",
+        help="Transport type (streamable-http or websocket)",
+    )
+
+    args = parser.parse_args()
+
+    # Use command-line arguments only if provided, otherwise use environment variables
+    host = args.host or RESOURCE_SERVER_HOST
+    port = args.port or RESOURCE_SERVER_PORT
+    auth_server = args.auth_server or AUTH_SERVER_URL
+
+    # Log the configuration being used
+    logger.info(
+        f"Starting Resource Server with host={host}, port={port}, "
+        f"auth_server={auth_server}"
+    )
+    logger.info("Using environment variables from .env file if present")
+
+    # Create a server with the specified configuration if needed
+    # For now, we'll use the global mcp instance
+
+    logger.info(f"🚀 MCP Resource Server running on http://{host}:{port}")
+    mcp.run(transport=args.transport)
+
+
 if __name__ == "__main__":
     resource_server.run(transport="streamable-http")

…es/servers/proxy_oauth/token_verifier.py …/proxy-auth/proxy_auth/token_verifier.pyexamples/servers/proxy_oauth/token_verifier.py renamed to examples/servers/proxy-auth/proxy_auth/token_verifier.py examples/servers/proxy_oauth/token_verifier.py renamed to examples/servers/proxy-auth/proxy_auth/token_verifier.py

@@ -1,5 +1,5 @@
 [project]
-name = "proxy_oauth"
+name = "proxy_auth"
 version = "0.1.0"
 description = "OAuth Proxy Server"
 authors = [{ name = "Your Name" }]
@@ -14,15 +14,20 @@ dev = [
     "pytest>=6.0",
 ]
 
+[project.scripts]
+mcp-proxy-auth-rs = "proxy_auth.resource_server:main"
+mcp-proxy-auth-as = "proxy_auth.auth_server:main"
+mcp-proxy-auth-combo = "proxy_auth.combo_server:main"
+
 [build-system]
 requires = ["hatchling"]
 build-backend = "hatchling.build"
 
 [tool.hatch.build.targets.wheel]
-packages = ["proxy_oauth"]
+packages = ["proxy_auth"]
 
 [tool.pyright]
-include = ["proxy_oauth"]
+include = ["proxy_auth"]
 venvPath = "."
 venv = ".venv"