GiviKDev.OAuth

OAuth 2.1 facade for ASP.NET Core. Proxies authorization, token, and registration requests to an upstream identity provider while serving AS metadata (RFC 8414) locally. Bridges MCP servers with enterprise identity providers that don't support the full OAuth stack MCP requires (DCR, resource indicators).

Quick Start

builder.Services.AddOAuth(opts =>
{
    opts.UpstreamAuthorizeEndpoint = "https://idp.example.com/authorize";
    opts.UpstreamTokenEndpoint = "https://idp.example.com/token";
    opts.ClientId = "my-client-id";
    opts.ScopesSupported = ["openid", "profile"];
});

app.MapOAuth();

With Microsoft Entra ID

builder.Services.AddOAuthEntra(opts =>
{
    opts.TenantId = "your-tenant-id";
    opts.ClientId = "your-client-id";
    opts.ScopesSupported = ["openid", "profile"];
});

app.MapOAuth();

With MCP Server

builder.Services.AddOAuth(opts =>
{
    opts.UpstreamAuthorizeEndpoint = "https://idp.example.com/authorize";
    opts.UpstreamTokenEndpoint = "https://idp.example.com/token";
    opts.ClientId = "my-client-id";
    opts.ScopesSupported = ["openid", "profile"];
});

builder.Services.AddOAuthMcp();

builder.Services.AddMcpServer()
    .WithHttpTransport();

app.UseAuthentication();
app.UseAuthorization();
app.MapOAuth();
app.MapMcp().RequireAuthorization();

With Entra + MCP (composable)

builder.Services.AddOAuthEntra(opts =>
{
    opts.TenantId = "your-tenant-id";
    opts.ClientId = "your-client-id";
    opts.ScopesSupported = ["api://your-api/access_as_user"];
});

builder.Services.AddOAuthMcp();

builder.Services.AddMcpServer()
    .WithHttpTransport();

app.UseAuthentication();
app.UseAuthorization();
app.MapOAuth();
app.MapMcp().RequireAuthorization();

What It Does

Endpoint	Behaviour
`/.well-known/oauth-authorization-server`	Serves AS metadata with local URLs
`/.well-known/oauth-protected-resource`	Serves PRM with scopes and AS URLs (MCP package)
`/authorize`	Redirects to upstream IdP
`/token`	Proxies POST to upstream token endpoint
`/register`	Returns pre-registered client_id (DCR facade)

Packages

Package	Purpose
`GiviKDev.OAuth`	Core facade — AS metadata, /authorize proxy, /token proxy, DCR facade
`GiviKDev.OAuth.Mcp`	MCP integration — Protected Resource Metadata via the MCP SDK
`GiviKDev.OAuth.Entra`	Entra adapter — computes upstream URLs, strips `resource` parameter

Documentation

See docs/ for project context, scope, and roadmap.

Contributing

See CONTRIBUTING.md.

License

MIT

Name		Name	Last commit message	Last commit date
Latest commit History 28 Commits
.config		.config
.github		.github
docs		docs
src		src
tests		tests
.editorconfig		.editorconfig
.gitattributes		.gitattributes
.gitignore		.gitignore
.pre-commit-config.yaml		.pre-commit-config.yaml
.releaserc.yml		.releaserc.yml
.yamlfmt.yaml		.yamlfmt.yaml
.yamllint.yml		.yamllint.yml
CHANGELOG.md		CHANGELOG.md
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
CONTRIBUTING.md		CONTRIBUTING.md
Directory.Build.props		Directory.Build.props
Directory.Packages.props		Directory.Packages.props
GiviKDev.OAuth.slnx		GiviKDev.OAuth.slnx
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
SECURITY.md		SECURITY.md
global.json		global.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

GiviKDev.OAuth

Quick Start

With Microsoft Entra ID

With MCP Server

With Entra + MCP (composable)

What It Does

Packages

Documentation

Contributing

License

About

Uh oh!

Releases 4

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

GiviKDev.OAuth

Quick Start

With Microsoft Entra ID

With MCP Server

With Entra + MCP (composable)

What It Does

Packages

Documentation

Contributing

License

About

Topics

Resources

License

Code of conduct

Contributing

Security policy

Uh oh!

Stars

Watchers

Forks

Releases 4

Contributors

Uh oh!

Languages