Show HN: AuthPlane – OAuth 2.1 and PKCE authorization server for MCP

Category: security

Tags: oauth, authorization-server, mcp, go, self-hosted

Score: 7.8/10 (Innovation: 7, Technical: 8, Documentation: 9, Utility: 7)

AuthPlane is a self-hosted OAuth 2.1 and PKCE authorization server specifically designed for the Model Context Protocol (MCP), enabling secure token issuance, federation with existing IdPs, and agent-to-agent delegation. It combines a Go binary with an embedded Admin UI, SDKs for multiple languages, and support for advanced features like DPoP and RFC 8693 token exchange, making it a comprehensive solution for securing MCP servers. Its innovative focus on the emerging MCP ecosystem and production-ready deployment options (PostgreSQL, OpenTelemetry, Helm) set it apart from generic OAuth servers.

Target audience: backend devs, security engineers, devops

Repository: https://github.com/authplane/authserver · Go · AGPL-3.0 · 10 stars

View on Hacker News