Add proxy server builder for easy OAuth proxy creation

jessesanford · jessesanford · commit 5272cd77529f · 2025-07-12T04:49:02.000Z
Signed-off-by: Jesse Sanford &lt;108698+jessesanford@users.noreply.github.com&gt;
diff --git a/src/mcp/server/auth/proxy/server.py b/src/mcp/server/auth/proxy/server.py
@@ -0,0 +1,65 @@
+# pyright: reportPrivateUsage=false, reportUnknownParameterType=false
+"""Convenience helper for spinning up a FastMCP Transparent OAuth proxy server."""
+
+from __future__ import annotations
+
+from typing import TYPE_CHECKING, Literal
+
+from pydantic import AnyHttpUrl
+
+from mcp.server.auth.settings import AuthSettings, ClientRegistrationOptions
+from mcp.server.fastmcp import FastMCP
+from mcp.server.fastmcp.utilities.logging import configure_logging
+
+from ..providers.transparent_proxy import TransparentOAuthProxyProvider
+
+if TYPE_CHECKING:  # pragma: no cover – typing-only imports
+    from mcp.server.auth.providers.transparent_proxy import _Settings as ProxySettings
+
+__all__ = ["build_proxy_server"]
+
+
+# ---------------------------------------------------------------------------
+# Public API
+# ---------------------------------------------------------------------------
+
+
+def build_proxy_server(  # noqa: D401,E501
+    *,
+    host: str = "0.0.0.0",
+    port: int = 8000,
+    issuer_url: str | None = None,
+    log_level: Literal["DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"] = "DEBUG",
+    settings: ProxySettings | None = None,
+) -> FastMCP:
+    """Return a fully-configured FastMCP instance running the proxy.
+
+    Prefer passing a fully-validated *settings* object (instance of
+    :class:`mcp.server.auth.providers.transparent_proxy._Settings`) which makes
+    configuration explicit and type-checked.
+    """
+
+    # Runtime import to avoid circular dependency at module import time.
+    from ..providers.transparent_proxy import _Settings as ProxySettings
+
+    if settings is None:
+        settings = ProxySettings.load()
+
+    configure_logging(level=log_level)  # type: ignore[arg-type]
+
+    provider = TransparentOAuthProxyProvider(settings=settings)  # type: ignore[arg-type]
+
+    mcp = FastMCP(
+        name="Transparent OAuth Proxy",
+        host=host,
+        port=port,
+        auth_server_provider=provider,
+        auth=AuthSettings(
+            issuer_url=AnyHttpUrl(issuer_url or f"http://localhost:{port}"),  # type: ignore[arg-type]
+            resource_server_url=AnyHttpUrl(f"http://localhost:{port}"),  # type: ignore[arg-type]
+            required_scopes=["openid"],
+            client_registration_options=ClientRegistrationOptions(enabled=True),
+        ),
+    )
+
+    return mcp
