Skip to content

Refactor to hosted HTTP + OAuth 2.1 transport#42

Draft
ChiragAgg5k wants to merge 5 commits into
mainfrom
refactor/hosted-http-oauth
Draft

Refactor to hosted HTTP + OAuth 2.1 transport#42
ChiragAgg5k wants to merge 5 commits into
mainfrom
refactor/hosted-http-oauth

Conversation

@ChiragAgg5k

@ChiragAgg5k ChiragAgg5k commented Jun 22, 2026

Copy link
Copy Markdown
Member

Summary

Replaces the stdio + API-key MCP with a hosted, multi-tenant OAuth 2.1 resource server over the MCP Streamable HTTP transport. Users authenticate against Appwrite Cloud's per-project OAuth server; the MCP validates the bearer token and forwards it to the Appwrite REST API, which accepts the OAuth2 access token directly (AccessToken::findIdentity). This follows the MCP authorization spec (OAuth 2.1 + PKCE, RFC 9728 protected-resource metadata, RFC 8414/OIDC AS discovery, RFC 7591 DCR, RFC 8707 resource indicators).

Connection URL is per-project: https://<host>/<project_id>/mcp.

Changes

  • Transport — custom Starlette ASGI app (http_app.py) serving Streamable HTTP at /{project_id}/mcp (SSE responses, stateless). stdio transport, --transport/MCP_TRANSPORT removed.
  • Auth (auth.py) — RFC 9728 protected-resource metadata route, WWW-Authenticate 401 challenge, and a per-project RS256/JWKS TokenVerifier that derives the project from the JWT iss claim and enforces RFC 8707 audience binding. Reuses the SDK's BearerAuthBackend/AuthContextMiddleware so the token reaches tool handlers via get_access_token().
  • Execution — split tool schema (built once via SDK introspection) from binding; each call re-binds the SDK method to a per-request client built from the request's OAuth token (resolve_client/build_client_for_request). The appwrite_search_tools/appwrite_call_tool operator surface and write-confirmation guard are unchanged.
  • Packaging/docsDockerfile, streamable-http remote in server.json, rewritten HTTP/OAuth README, .env.example. Version → 0.5.0.
  • Tooling — added Ruff linter (E/F/W/I, E501 left to black) + CI lint step; pinned all GitHub Actions to commit SHAs; pinned uv (0.11.22) and build/twine; added a Docker-build CI job.

API-key helpers (build_client, etc.) remain only as integration-test scaffolding — the running server has no API-key path.

Testing

  • 33 unit tests pass (incl. new test_auth.py); ruff check and black --check clean.
  • Docker image builds and the container serves /healthz 200, correct RFC 9728 metadata, and an unauthenticated 401 + WWW-Authenticate challenge.

Cloud-side dependencies (required for the full live OAuth round-trip)

These live in the Appwrite Cloud repo, not here:

  1. RFC 8707 Resource Indicators must write the requested resource into the issued JWT aud (the verifier requires audience binding).
  2. RFC 7591 Dynamic Client Registration endpoint on the OAuth2 module.
  3. Recommended: RFC 8414 metadata alias; and each project's oAuth2Server.scopes must include the advertised scope set.

Notes

  • Left as floating (open to hardening): Docker base python:3.12-slim tag and runs-on: ubuntu-latest.
  • Ruff rule set kept focused (no UP/B) to avoid churn; easy to expand later.

@ChiragAgg5k
Refactor to hosted HTTP + OAuth 2.1 transport
a3c3412 
Replace the stdio + API-key server with a hosted, multi-tenant OAuth 2.1
resource server over the MCP Streamable HTTP transport. Users authenticate
against Appwrite Cloud's per-project OAuth server; the MCP validates the
bearer token and forwards it to the Appwrite REST API (which accepts the
OAuth2 access token directly).

- Transport: custom Starlette ASGI app serving Streamable HTTP at
  /{project_id}/mcp (SSE responses, stateless). stdio transport removed.
- Auth (new auth.py): RFC 9728 protected-resource metadata, WWW-Authenticate
  401 challenge, and a per-project RS256/JWKS token verifier that derives the
  project from the JWT `iss` claim and enforces RFC 8707 audience binding.
- Execution: split tool schema (built once via SDK introspection) from
  binding; each call re-binds the SDK method to a per-request client built
  from the request's OAuth token.
- Packaging: Dockerfile, streamable-http remote in server.json, HTTP/OAuth
  README, .env.example. Bump to 0.5.0.
- Tooling: add Ruff linter (E/F/W/I) alongside black; pin GitHub Actions to
  commit SHAs, pin uv (0.11.22) and build/twine; add Docker-build CI job.

API-key helpers remain only as integration-test scaffolding.
@ChiragAgg5k
Auto-discover all SDK services; source scopes from AS discovery
390d501 
- register_services now auto-discovers every Appwrite SDK service class
  (14 services, 376 tools) via an EXCLUDED_SERVICES knob, instead of a
  hardcoded list of 9. Adds account, databases, graphql, health, tokens.
- protected-resource metadata's scopes_supported is now sourced live from
  the project's authorization-server discovery (cached per project), so it
  never drifts from the tool surface. Removed the static scope list.
@ChiragAgg5k
Bump Appwrite SDK to 21.0.0 (adds oauth2 + apps services)
43ce3f0 
Auto-discovery picks up the new oauth2, apps, and 9 other services
(25 total, 575 tools). SDK 21.0.0 returns Pydantic models whose
to_dict() keeps result formatting intact, and stores the project in
client config rather than eagerly in headers (test assertion updated).
Bumps server version to 0.6.0.
@ChiragAgg5k
docs+tests: cover RFC 7591 dynamic client registration
802706f 
The cloud OAuth server now advertises an open registration_endpoint
(RFC 7591), so MCP clients self-register without pre-shared credentials.
This server is the OAuth 2.1 Resource Server and needs no runtime change;
document the now-live self-service registration step and lock the
discovery contract it depends on.

- README: explicit self-service DCR step (public/PKCE, no client_id/secret
  to provision), project-setup note, and regional APPWRITE_ENDPOINT caveat
  (token iss is validated against it).
- unit: supported_scopes works against DCR-enabled discovery (no network).
- integration: assert the AS advertises registration_endpoint == issuer/register
  and exposes scopes_supported; skips when the endpoint predates DCR.
@ChiragAgg5k
Serve a single project at /mcp (drop project_id from path)
1b638d4 
Collapse the multi-tenant /<project_id>/mcp routing to a single-tenant
/mcp endpoint for the Appwrite Cloud console project. The served project
is now a constant (APPWRITE_PROJECT_ID, default 'console'); the token
verifier rejects any token whose issuer names a different project.

Also fix the README service undercount (14 -> 25 auto-discovered
services) and remove the project-setup and self-hosting sections, since
the OAuth endpoints only exist on Cloud.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ChiragAgg5k