{"id":"atrawog-mcp-oauth-gateway","name":"mcp-oauth-gateway","af_score":36.0,"security_score":64.5,"reliability_score":23.8,"what_it_does":"mcp-oauth-gateway is an experimental OAuth 2.1 authorization layer for MCP servers. It fronts MCP endpoints with an OAuth authorization server (GitHub as IdP) and supports dynamic client registration, user login (web/device flows), token issuance (JWT/refresh), and forwarding/authentication for MCP HTTP transport, without modifying the upstream MCP server code (wrapping/bridging for HTTP transport is used).","best_when":"You want a reference/test platform to integrate OAuth 2.1 + GitHub identity with MCP endpoints while keeping upstream MCP servers unmodified.","avoid_when":"You need a turnkey, well-audited production gateway with guaranteed stability, rigorous error semantics, and published operational guarantees.","last_evaluated":"2026-03-30T15:21:39.943872+00:00","has_mcp":false,"has_api":true,"auth_methods":["OAuth 2.1 Authorization Server endpoints","Dynamic client registration (RFC 7591/7592)","GitHub OAuth for user authentication","Device flow (RFC 8628) for non-browser scenarios (per README)","JWT bearer access tokens for MCP endpoint access","Opaque refresh tokens for token refresh","Registration access token for client management endpoints"],"has_free_tier":false,"known_gotchas":["Complex OAuth lifecycle (register → authorize → callback → token → refresh/revoke) increases agent orchestration complexity.","State management depends on Redis TTL/keys; misconfiguration may cause hard-to-debug authorization failures.","Because this is explicitly labeled experimental with possible vulnerabilities, behaviors and edge-case error formats may not be fully standardized."],"error_quality":0.0}