Skip to content

feat(proxy): add MCP authorization flow with OAuth proxy#244

Merged
TarasSpashchenko merged 6 commits intomainfrom
feat/mcp-auth-proxy-plugin
Apr 10, 2026
Merged

feat(proxy): add MCP authorization flow with OAuth proxy#244
TarasSpashchenko merged 6 commits intomainfrom
feat/mcp-auth-proxy-plugin

Conversation

@TarasSpashchenko
Copy link
Copy Markdown
Collaborator

@TarasSpashchenko TarasSpashchenko commented Apr 9, 2026
edited
Loading

Summary

  • Add stdio-to-HTTP MCP proxy bridge with built-in OAuth authorization code flow
  • Implement MCP auth proxy plugin for the SSO proxy, enabling MCP-protocol-aware token injection and OAuth orchestration
  • Add per-origin cookie jar to persist session cookies across MCP requests

Changes

  • New src/mcp/ module: StdioHttpBridge, McpOAuthProvider, CallbackServer, and proxy logger
  • New mcp-auth.plugin.ts SSO proxy plugin handling MCP protocol specifics (initialize, tool calls, OAuth metadata)
  • New codemie mcp-proxy <url> CLI command and bin/codemie-mcp-proxy.js lightweight entry point
  • Added @modelcontextprotocol/client and @modelcontextprotocol/server dependencies
  • Updated .gitignore and .gitleaks.toml to exclude .mcp.json config files

Impact

Enables Claude Code (and other MCP clients) to connect to OAuth-protected MCP servers through CodeMie's SSO proxy, handling the full authorization flow transparently via stdio.

Checklist

  • Self-reviewed
  • Manual testing performed
  • Documentation updated (if needed)
  • No breaking changes (or clearly documented)

TarasSpashchenko and others added 5 commits April 9, 2026 15:45
@TarasSpashchenko @codemie-ai
feat(proxy): add MCP authorization flow proxy plugin
1323fe5 
Intercept MCP OAuth auth requests through CodeMie proxy for traceability
and client_name branding. Introduces /mcp_auth and /mcp_relay URL scheme
with response URL rewriting, origin discovery, SSRF protection via
private-network filtering, and TTL-based origin expiration.

Generated with AI

Co-Authored-By: codemie-ai <codemie.ai@gmail.com>
@TarasSpashchenko
feat(proxy): add MCP authorization flow mcp stdio proxy
5c9d74b
@TarasSpashchenko @codemie-ai
feat(proxy): add cookie jar and cleanup stdio-http bridge
0a5a411 
Add per-origin cookie jar to persist session cookies across MCP requests,
pass transport explicitly to OAuth flow handler, and clean up comments.
Also fix gitleaks allowlist to match .mcp.json.lock files.

Generated with AI

Co-Authored-By: codemie-ai <codemie.ai@gmail.com>
@TarasSpashchenko @codemie-ai
docs: add MCP proxy documentation across all guides
4e22053 
Document the MCP authorization proxy feature in README, COMMANDS,
ARCHITECTURE-PROXY, AUTHENTICATION, EXAMPLES, and internal guides
(architecture, external-integrations).

Generated with AI

Co-Authored-By: codemie-ai <codemie.ai@gmail.com>
@TarasSpashchenko @codemie-ai
fix: add executable permission to codemie-mcp-proxy.js
2c86960 
Generated with AI

Co-Authored-By: codemie-ai <codemie.ai@gmail.com>
@TarasSpashchenko @codemie-ai
feat(cli): add codemie mcp add command wrapping codemie-mcp-proxy
dca6aff 
Adds `codemie mcp add [--scope <scope>] <name> <url>` command that
delegates to `claude mcp add [--scope] <name> -- codemie-mcp-proxy <url>`,
eliminating the need to know the proxy binary name or argument order.

Generated with AI

Co-Authored-By: codemie-ai <codemie.ai@gmail.com>
@TarasSpashchenko TarasSpashchenko merged commit 9169ba4 into main Apr 10, 2026
5 checks passed
@TarasSpashchenko TarasSpashchenko deleted the feat/mcp-auth-proxy-plugin branch April 10, 2026 09:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@8nevil8 8nevil8 8nevil8 approved these changes

@vadimvlasenko vadimvlasenko Awaiting requested review from vadimvlasenko

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@TarasSpashchenko @8nevil8