oauth-server

oauth-server appears to be an OAuth authorization server implementation/package. Based on the provided input, no README, API surface, or configuration details were included, so the exact supported grants, endpoints, and behavior cannot be verified.

Evaluated Apr 04, 2026 (25d ago)
Homepage ↗ Repo ↗ Auth auth oauth authorization-server security
⚙ Agent Friendliness
14
/ 100
Can an agent use this?
🔒 Security
38
/ 100
Is it safe for agents?
⚡ Reliability
28
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
0
Documentation
0
Error Messages
0
Auth Simplicity
45
Rate Limits
0

🔒 Security

TLS Enforcement
20
Auth Strength
60
Scope Granularity
30
Dep. Hygiene
30
Secret Handling
40

Security properties (TLS enforcement, token signing, PKCE support, redirect URI validation, secret storage, and audit/logging) cannot be confirmed from the provided input. OAuth servers are high-risk components; strong configuration and secure defaults are required.

⚡ Reliability

Uptime/SLA
0
Version Stability
40
Breaking Changes
40
Error Recovery
30
AF Security Reliability

Use Cases

  • Provide OAuth 2.0 authorization for third-party apps
  • Issue and validate access/refresh tokens for protected APIs
  • Centralize authentication/authorization in a microservice ecosystem

Not For

  • Turnkey production deployment without security review and configuration
  • Unverified/unknown grant types or token formats where requirements demand specific standards support

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
No
SDK
No
Webhooks
No

Authentication

Methods: OAuth 2.0 (exact flows unknown from provided data)
OAuth: Yes Scopes: No

The package name suggests OAuth, but specific endpoints, supported grant types (authorization code, client credentials, etc.), and scope model are not provided in the input.

Pricing

Free tier: No
Requires CC: No

Agent Metadata

Pagination
none
Idempotent
False
Retry Guidance
Not documented

Known Gotchas

  • OAuth token/consent flows often require careful state/nonce handling; without documentation, agents may mishandle parameters
  • OAuth servers typically require strict client configuration (redirect URIs, grant types); misconfiguration can look like auth failures

Alternatives

Auth0 / Okta / Cognito (managed OAuth/OIDC) Keycloak (self-hosted identity provider) Spring Authorization Server / Node OAuth libraries (framework-based)

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for oauth-server.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-04-04.

8642
Packages Evaluated
17761
Need Evaluation
586
Need Re-evaluation
Community Powered