MCP OAuth Server — Next.js PoC

A fully stateless Model Context Protocol server protected by OAuth 2.0 with Dynamic Client Registration and PKCE. No database, no in-memory state — every artifact (client_id, authorization code, access token) is a self-contained HMAC-signed token.

Connect from Claude Code

claude mcp add --transport http mcp-oauth https://mcp-oauth-server-next.vercel.app/api/mcp

Claude Code performs the discovery → registration → authorize → token flow automatically. Sign in with demo / demo when the browser opens.

Endpoints

Proof of concept only. The signing secret and credentials are public and hardcoded.