{"id":"kriasoft-oauth-callback","name":"oauth-callback","af_score":64.2,"security_score":70.5,"reliability_score":41.2,"what_it_does":"Provides a lightweight OAuth 2.0 authorization-code callback handler by spinning up a temporary localhost HTTP server to receive the redirect, returning the authorization code (and state/extra query params). Also includes an MCP (Model Context Protocol) SDK integration via a browserAuth provider with configurable token storage (in-memory or file-based) and support for dynamic client registration.","best_when":"You need an easy, local-only redirect handler for OAuth authorization-code flows (especially for CLI/desktop), optionally integrated as an MCP OAuth provider.","avoid_when":"You cannot bind to localhost or where your environment blocks opening local loopback ports; also avoid for security-sensitive deployments without reviewing token file permissions and threat model.","last_evaluated":"2026-03-30T15:41:56.888769+00:00","has_mcp":false,"has_api":false,"auth_methods":["authorization-code redirect capture on localhost","OAuth error handling via OAuthError","MCP browserAuth OAuth provider (uses MCP SDK transports)"],"has_free_tier":false,"known_gotchas":["Ensure redirect_uri matches the localhost callback URL (port/hostname/path) configured in getAuthCode and the OAuth provider.","If using default port 3000, handle port-in-use conflicts by configuring port/hostname.","When using fileStore(), token files may persist across runs; be mindful of permissions and namespace (storeKey).","OAuth providers may require PKCE/state; pass/validate state to prevent CSRF as recommended by README (implementation details not fully shown here)."],"error_quality":null}