modelcontextprotocol
diff --git a/‎examples/servers/proxy-auth/README.md
Lines changed: 95 additions & 0 deletions b/‎examples/servers/proxy-auth/README.md
Lines changed: 95 additions & 0 deletions
diff --git a/‎examples/servers/proxy-auth/proxy_auth/__init__.py
Lines changed: 25 additions & 0 deletions b/‎examples/servers/proxy-auth/proxy_auth/__init__.py
Lines changed: 25 additions & 0 deletions
diff --git a/‎examples/servers/proxy-auth/proxy_auth/__main__.py
Lines changed: 7 additions & 0 deletions b/‎examples/servers/proxy-auth/proxy_auth/__main__.py
Lines changed: 7 additions & 0 deletions
diff --git a/‎examples/servers/proxy_oauth/auth_server.py renamed to ‎examples/servers/proxy-auth/proxy_auth/auth_server.py
Lines changed: 39 additions & 10 deletions b/‎examples/servers/proxy_oauth/auth_server.py renamed to ‎examples/servers/proxy-auth/proxy_auth/auth_server.py
Lines changed: 39 additions & 10 deletions
@@ -0,0 +1,95 @@
+# OAuth Proxy Server
+
+This is a minimal OAuth proxy server example for the MCP Python SDK that demonstrates how to create a transparent OAuth proxy for existing OAuth providers.
+
+## Installation
+
+```bash
+# Navigate to the proxy-auth directory
+cd examples/servers/proxy-auth
+
+# Install the package in development mode
+uv add -e .
+```
+
+## Configuration
+
+The servers can be configured using either:
+
+1. **Command-line arguments** (take precedence when provided)
+2. **Environment variables** (loaded from `.env` file when present)
+
+Example `.env` file:
+```
+# Auth Server Configuration
+AUTH_SERVER_HOST=localhost
+AUTH_SERVER_PORT=9000
+AUTH_SERVER_URL=http://localhost:9000
+
+# Resource Server Configuration
+RESOURCE_SERVER_HOST=localhost
+RESOURCE_SERVER_PORT=8001
+RESOURCE_SERVER_URL=http://localhost:8001
+
+# Combo Server Configuration
+COMBO_SERVER_HOST=localhost
+COMBO_SERVER_PORT=8000
+
+# OAuth Provider Configuration
+UPSTREAM_AUTHORIZE=https://github.com/login/oauth/authorize
+UPSTREAM_TOKEN=https://github.com/login/oauth/access_token
+CLIENT_ID=your-client-id
+CLIENT_SECRET=your-client-secret
+DEFAULT_SCOPE=openid
+```
+
+## Running the Servers
+
+The example consists of three server components that can be run using the project scripts defined in pyproject.toml:
+
+### Step 1: Start Authorization Server
+
+```bash
+# Start Authorization Server on port 9000
+uv run mcp-proxy-auth-as --port=9000
+
+# Or rely on environment variables from .env file
+uv run mcp-proxy-auth-as
+```
+
+**What it provides:**
+- OAuth 2.0 flows (authorization, token exchange)
+- Token introspection endpoint for Resource Servers (`/introspect`)
+- Client registration endpoint (`/register`)
+
+### Step 2: Start Resource Server (MCP Server)
+
+```bash
+# In another terminal, start Resource Server on port 8001
+uv run mcp-proxy-auth-rs --port=8001 --auth-server=http://localhost:9000 --transport=streamable-http
+
+# Or rely on environment variables from .env file
+uv run mcp-proxy-auth-rs
+```
+
+### Step 3: Alternatively, Run Combined Server
+
+For simpler testing, you can run a combined proxy server that handles both authentication and resource access:
+
+```bash
+# Run the combined proxy server on port 8000
+uv run mcp-proxy-auth-combo --port=8000 --transport=streamable-http
+
+# Or rely on environment variables from .env file
+uv run mcp-proxy-auth-combo
+```
+
+## How It Works
+
+The proxy OAuth server acts as a transparent proxy between:
+1. Client applications requesting OAuth tokens
+2. Upstream OAuth providers (like GitHub, Google, etc.)
+
+This allows MCP servers to leverage existing OAuth providers without implementing their own authentication systems.
+
+The server code is organized in the `proxy_auth` package for better modularity.
@@ -0,0 +1,25 @@
+"""OAuth Proxy Server for MCP."""
+
+__version__ = "0.1.0"
+
+# Import key components for easier access
+from .auth_server import main as auth_server_main
+from .auth_server import run_server as run_auth_server
+from .combo_server import main as combo_server_main
+from .combo_server import mcp as proxy_server
+from .resource_server import main as resource_server_main
+from .resource_server import mcp as resource_server
+from .token_verifier import IntrospectionTokenVerifier
+
+__all__ = [
+    "run_auth_server",
+    "resource_server",
+    "proxy_server",
+    "IntrospectionTokenVerifier",
+    "auth_server_main",
+    "resource_server_main",
+    "combo_server_main",
+]
+
+# Aliases for the script entry points
+main = combo_server_main
@@ -0,0 +1,7 @@
+"""Main entry point for Combo Proxy OAuth Resource+Auth MCP server."""
+
+import sys
+
+from .combo_server import main
+
+sys.exit(main())  # type: ignore[call-arg]
@@ -1,14 +1,16 @@
 # pyright: reportMissingImports=false
+import argparse
+import asyncio
 import logging
 import os
 import time
 
 from dotenv import load_dotenv  # type: ignore
-from mcp.server.auth.provider import AccessToken, OAuthToken
+from mcp.server.auth.provider import AccessToken
 from mcp.server.auth.providers.transparent_proxy import (
     ProxySettings,  # type: ignore
-    TransparentOAuthProxyProvider,
     ProxyTokenHandler,
+    TransparentOAuthProxyProvider,
 )
 from mcp.server.auth.routes import cors_middleware, create_auth_routes
 from mcp.server.auth.settings import ClientRegistrationOptions
@@ -32,7 +34,7 @@
 )
 
 # Dedicated logger for this server module
-logger = logging.getLogger("proxy_oauth.auth_server")
+logger = logging.getLogger("proxy_auth.auth_server")
 
 # Suppress noisy INFO messages from the FastMCP low-level server unless we are
 # explicitly running in DEBUG mode. These logs (e.g. "Processing request of type
@@ -139,6 +141,7 @@ def _mask_secret(secret: str | None) -> str | None:  # noqa: D401
 proxy_token_handler = ProxyTokenHandler(oauth_provider)
 routes.append(Route("/token", endpoint=proxy_token_handler.handle, methods=["POST"]))
 
+
 # Add token introspection endpoint for Resource Servers
 async def introspect_handler(request: Request) -> Response:
     """
@@ -183,22 +186,48 @@ async def introspect_handler(request: Request) -> Response:
 auth_app = Starlette(routes=routes)
 
 
-async def run_server():
+async def run_server(host: str = AUTH_SERVER_HOST, port: int = AUTH_SERVER_PORT):
     """Run the Authorization Server."""
     config = Config(
         auth_app,
-        host=AUTH_SERVER_HOST,
-        port=AUTH_SERVER_PORT,
+        host=host,
+        port=port,
         log_level="info",
     )
     server = Server(config)
 
-    logger.info(f"🚀 MCP Authorization Server running on {AUTH_SERVER_URL}")
+    logger.info(f"🚀 MCP Authorization Server running on http://{host}:{port}")
 
     await server.serve()
 
 
-if __name__ == "__main__":
-    import asyncio
+def main():
+    """Command-line entry point for the Authorization Server."""
+    parser = argparse.ArgumentParser(description="MCP OAuth Proxy Authorization Server")
+    parser.add_argument(
+        "--host",
+        default=None,
+        help="Host to bind to (overrides AUTH_SERVER_HOST env var)",
+    )
+    parser.add_argument(
+        "--port",
+        type=int,
+        default=None,
+        help="Port to bind to (overrides AUTH_SERVER_PORT env var)",
+    )
 
-    asyncio.run(run_server())
+    args = parser.parse_args()
+
+    # Use command-line arguments only if provided, otherwise use environment variables
+    host = args.host or AUTH_SERVER_HOST
+    port = args.port or AUTH_SERVER_PORT
+
+    # Log the configuration being used
+    logger.info(f"Starting Authorization Server with host={host}, port={port}")
+    logger.info("Using environment variables from .env file if present")
+
+    asyncio.run(run_server(host=host, port=port))
+
+
+if __name__ == "__main__":
+    main()