A reusable MCP HTTP server with OAuth 2.1 that turns any JSON-RPC handler into a production-ready endpoint with dynamic client registration, PKCE, refresh tokens, and OpenAPI docs.
Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.
Install from
M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.
process.env. You'll be asked to provide them before it can run.OAUTH_ISSUER— URL _empty_ Expected iss claim for JWT validation.OAUTH_AUDIENCE— string _empty_ Expected aud claim for JWT validation.OAUTH_JWKS_URI— URL _empty_ JWKS endpoint for external IdP signature verification.OAUTH_ALGORITHM— string RS256 JWT algorithm (RS256, HS256, …).OAUTH_REQUIRED_SCOPE— string _empty_ Scope required for all requests (e.g. mcp:read).MCP_API_KEY— string change-me Static API key accepted as Bearer token (used when OAuth disabled or as fallback).JWT_SECRET— string _empty_ HMAC secret fallback when no JWKS URI is configured.MCP_HANDLER— example.main:handler mcp-service[](https://m8ven.ai/mcp/avengermojo-mcp-service-6wsfm8)