Labsco
adobe-rnd logo

MCP Remote with Okta/Adobe IMS Authentication

โ˜… 2

from adobe-rnd

A remote MCP server that uses Adobe IMS/Okta for authentication.

๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅโœ“ VerifiedFreeAdvanced setup

MCP Remote with Adobe and Okta Authentication

A wrapper for mcp-remote that handles Adobe IMS or Okta authentication using OAuth implicit flow, providing seamless authentication for protected MCP servers.

Features

  • ๐Ÿ” Multi-Provider OAuth: Implements Adobe's and Okta's OAuth implicit flow for secure user authentication.
  • ๐Ÿ”„ Token Management: Automatic token storage, validation, and expiration handling.
  • ๐Ÿ–ฅ๏ธ Cross-Platform: Works on macOS, Windows, and Linux.
  • ๐Ÿš€ Zero Maintenance: Set it once, never worry about tokens again.
  • ๐Ÿ”ง Configurable: Support for multiple environments, scopes, and authentication methods.
  • ๐Ÿ”’ Secure Storage: Tokens stored securely in user's home directory.
  • ๐ŸŽฏ Production Ready: Robust error handling for both Adobe and Okta.

How It Works

This wrapper implements the OAuth implicit flow for authentication:

  1. OAuth Setup: Configures OAuth parameters for the selected provider (Adobe or Okta).
  2. Browser Authentication: Opens browser for secure user authentication.
  3. Token Capture: Local HTTP server captures OAuth callback with tokens.
  4. Token Storage: Securely stores tokens with expiration tracking.
  5. JWT Exchange: Optional JWT token exchange for servers requiring JWT authentication.
  6. MCP Launch: Launches mcp-remote with Authorization: Bearer <token> header.

Authentication Flow

The package implements a complete OAuth implicit flow:

1. Generate OAuth URL โ†’ Auth Server (Adobe IMS or Okta)
2. Open Browser โ†’ User Authentication
3. Capture Callback โ†’ Local HTTP Server  
4. Extract Tokens โ†’ From URL Fragment
5. Store Tokens โ†’ Secure Local Storage
6. Launch MCP โ†’ With Auth Header

Environments

The library supports multiple Adobe IMS environments. For Okta, the domain is configured directly via OKTA_DOMAIN.

  • Production (prod) - Default Adobe production environment
  • Stage (stage, stg) - Adobe staging environment for testing
  • Development (dev, development) - Adobe development environment
export ADOBE_IMS_ENV="stage"  # Use Adobe staging environment

Architecture

This package is built with:

  • OAuth Implicit Flow - For client-side applications
  • Multi-Provider Support - Adobe IMS and Okta
  • Auto-refresh - Background token refresh with configurable timing
  • Debug Mode - Comprehensive logging for troubleshooting
  • mcp-remote - MCP remote server client
  • Node.js 18+ - Modern JavaScript runtime
  • Native HTTP Server - For OAuth callback handling

The implementation provides robust error handling, automatic token management, and follows OAuth security best practices.

  • Process cleanup: Timers are properly cleaned up on exit

Auto-Refresh

The wrapper automatically refreshes tokens before they expire to ensure uninterrupted service:

# Enable auto-refresh (default: true)
export AUTO_REFRESH=true

# Set refresh threshold to 5 minutes before expiration
export REFRESH_THRESHOLD=5

# Disable auto-refresh
export AUTO_REFRESH=false

Auto-refresh features:

  • Background refresh: Tokens are refreshed automatically before expiration
  • Configurable threshold: Set how many minutes before expiration to trigger refresh
  • Graceful fallback: If auto-refresh fails, manual authentication is triggered
  • Process cleanup: Timers are properly cleaned up on exit