go-training
diff --git a/‎03-oauth-mcp/oauth-server/README.md‎
Lines changed: 251 additions & 0 deletions b/‎03-oauth-mcp/oauth-server/README.md‎
Lines changed: 251 additions & 0 deletions
diff --git a/‎03-oauth-mcp/oauth-server/server.go‎
Lines changed: 41 additions & 8 deletions b/‎03-oauth-mcp/oauth-server/server.go‎
Lines changed: 41 additions & 8 deletions
diff --git a/‎go.mod‎
Lines changed: 1 addition & 0 deletions b/‎go.mod‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎go.sum‎
Lines changed: 4 additions & 0 deletions b/‎go.sum‎
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,251 @@
+# OAuth MCP Server
+
+OAuth 2.0 authorization server with MCP integration, supporting multiple OAuth providers and storage backends.
+
+## Features
+
+- **Multiple OAuth Providers**: GitHub, Gitea, GitLab
+- **Flexible Storage**: Choose between in-memory or Redis-backed storage
+- **OAuth 2.0 with PKCE**: Full authorization code flow support
+- **MCP Protocol**: Authenticated MCP tools integration
+
+## Quick Start
+
+### Basic Usage (Memory Store)
+
+```bash
+go run . -client_id=<your-client-id> -client_secret=<your-client-secret>
+```
+
+This will start the server on port 8095 using in-memory storage.
+
+### Using Redis Store
+
+```bash
+# Start Redis (using Docker)
+docker run -d -p 6379:6379 redis:alpine
+
+# Run server with Redis
+go run . \
+  -client_id=<your-client-id> \
+  -client_secret=<your-client-secret> \
+  -store redis \
+  -redis-addr localhost:6379
+```
+
+### Using Different Providers
+
+```bash
+# GitHub (default)
+go run . -client_id=<id> -client_secret=<secret> -provider github
+
+# GitLab
+go run . -client_id=<id> -client_secret=<secret> -provider gitlab
+
+# Gitea
+go run . -client_id=<id> -client_secret=<secret> -provider gitea -gitea-host https://gitea.com
+```
+
+## Command-Line Flags
+
+### Required Flags
+
+- `-client_id`: OAuth 2.0 Client ID from your OAuth provider
+- `-client_secret`: OAuth 2.0 Client Secret from your OAuth provider
+
+### Optional Flags
+
+#### Server Configuration
+
+- `-addr`: Server address (default: `:8095`)
+- `-log-level`: Logging level: DEBUG, INFO, WARN, ERROR (default: DEBUG)
+
+#### OAuth Provider
+
+- `-provider`: OAuth provider name (default: `github`)
+  - Supported: `github`, `gitea`, `gitlab`
+- `-gitea-host`: Gitea host URL (default: `https://gitea.com`)
+- `-gitlab-host`: GitLab host URL (default: `https://gitlab.com`)
+
+#### Storage Backend
+
+- `-store`: Storage type (default: `memory`)
+  - `memory`: In-memory storage (data lost on restart)
+  - `redis`: Redis-backed persistent storage
+- `-redis-addr`: Redis server address (default: `localhost:6379`)
+  - Only used when `-store=redis`
+- `-redis-password`: Redis password (optional)
+  - Only used when `-store=redis`
+- `-redis-db`: Redis database number (default: 0)
+  - Only used when `-store=redis`
+
+## Storage Options
+
+### Memory Store
+
+**Pros:**
+
+- No external dependencies
+- Fast access
+- Simple setup
+- Good for development/testing
+
+**Cons:**
+
+- Data lost on restart
+- Not suitable for production with multiple instances
+- Limited by available memory
+
+**Usage:**
+
+```bash
+go run . -client_id=<id> -client_secret=<secret> -store memory
+```
+
+### Redis Store
+
+**Pros:**
+
+- Persistent storage
+- Suitable for production
+- Supports multiple server instances
+- Automatic expiration handling
+
+**Cons:**
+
+- Requires Redis server
+- Network dependency
+- Additional operational complexity
+
+**Usage:**
+
+```bash
+# Basic Redis connection
+go run . -client_id=<id> -client_secret=<secret> -store redis
+
+# Redis with authentication
+go run . \
+  -client_id=<id> \
+  -client_secret=<secret> \
+  -store redis \
+  -redis-addr localhost:6379 \
+  -redis-password mypassword \
+  -redis-db 1
+```
+
+## Endpoints
+
+- `GET /.well-known/oauth-authorization-server`: OAuth authorization server metadata
+- `GET /.well-known/oauth-protected-resource`: Protected resource metadata
+- `GET /authorize`: OAuth authorization endpoint
+- `POST /token`: OAuth token endpoint
+- `POST /register`: Dynamic client registration endpoint
+- `POST /mcp`: MCP protocol endpoint (requires authentication)
+- `GET /mcp`: MCP protocol SSE endpoint (requires authentication)
+- `DELETE /mcp`: MCP protocol endpoint (requires authentication)
+
+## Examples
+
+### Development Setup
+
+```bash
+# Terminal 1: Start server with memory store
+go run . -client_id=test-id -client_secret=test-secret
+
+# Terminal 2: Run OAuth client example
+cd ../oauth-client
+go run .
+```
+
+### Production Setup with Redis
+
+```bash
+# 1. Start Redis
+docker run -d --name redis \
+  -p 6379:6379 \
+  redis:alpine
+
+# 2. Start OAuth server
+go run . \
+  -client_id=<production-client-id> \
+  -client_secret=<production-client-secret> \
+  -provider github \
+  -store redis \
+  -redis-addr localhost:6379 \
+  -log-level INFO \
+  -addr :8095
+```
+
+### Using Redis Cluster
+
+```bash
+go run . \
+  -client_id=<id> \
+  -client_secret=<secret> \
+  -store redis \
+  -redis-addr "node1:7000,node2:7001,node3:7002"
+```
+
+## Environment Variables
+
+You can also configure Redis connection using environment variables in your code:
+
+```go
+// Example: Load from environment
+store, err := store.NewRedisStoreFromOptions(store.RedisOptions{
+    Addr:     os.Getenv("REDIS_ADDR"),     // default: "localhost:6379"
+    Password: os.Getenv("REDIS_PASSWORD"), // default: ""
+    DB:       0,                            // or parse from env
+})
+```
+
+## Testing
+
+```bash
+# Test with curl
+curl http://localhost:8095/.well-known/oauth-authorization-server
+
+# Register a client
+curl -X POST http://localhost:8095/register \
+  -H "Content-Type: application/json" \
+  -d '{
+    "redirect_uris": ["http://localhost:8080/callback"],
+    "grant_types": ["authorization_code"],
+    "response_types": ["code"]
+  }'
+```
+
+## Troubleshooting
+
+### Redis Connection Issues
+
+If you see "failed to create Redis store" error:
+
+1. Verify Redis is running:
+
+   ```bash
+   redis-cli ping
+   # Should return: PONG
+   ```
+
+2. Check Redis connection:
+
+   ```bash
+   redis-cli -h localhost -p 6379
+   ```
+
+3. Verify network connectivity:
+
+   ```bash
+   telnet localhost 6379
+   ```
+
+### Memory Store Issues
+
+If authorization codes expire too quickly, they are automatically cleaned up. Default expiration is 10 minutes.
+
+## See Also
+
+- [Store Package Documentation](../../pkg/store/README.md)
+- [OAuth Client Example](../oauth-client/)
+- [MCP Protocol](https://github.com/mark3labs/mcp-go)
@@ -82,13 +82,21 @@ func main() {
 	var giteaHost string
 	var gitlabHost string
 	var logLevel string
+	var storeType string
+	var redisAddr string
+	var redisPassword string
+	var redisDB int
 	flag.StringVar(&externalClientID, "client_id", "", "OAuth 2.0 Client ID")
 	flag.StringVar(&externalClientSecret, "client_secret", "", "OAuth 2.0 Client Secret")
 	flag.StringVar(&addr, "addr", ":8095", "address to listen on")
 	flag.StringVar(&providerName, "provider", "github", "OAuth provider: github, gitea, or gitlab")
 	flag.StringVar(&giteaHost, "gitea-host", "https://gitea.com", "Gitea host")
 	flag.StringVar(&gitlabHost, "gitlab-host", "https://gitlab.com", "GitLab host")
 	flag.StringVar(&logLevel, "log-level", "", "Log level (DEBUG, INFO, WARN, ERROR). Defaults to DEBUG in development, INFO in production")
+	flag.StringVar(&storeType, "store", "memory", "Store type: memory or redis")
+	flag.StringVar(&redisAddr, "redis-addr", "localhost:6379", "Redis address (only used when store=redis)")
+	flag.StringVar(&redisPassword, "redis-password", "", "Redis password (only used when store=redis)")
+	flag.IntVar(&redisDB, "redis-db", 0, "Redis database (only used when store=redis)")
 	flag.Parse()
 
 	// Initialize logger with the specified log level
@@ -116,8 +124,33 @@ func main() {
 		os.Exit(1)
 	}
 
-	// Initialize Memory store
-	memoryStore := store.NewMemoryStore()
+	// Initialize store using factory pattern
+	storeConfig := store.Config{
+		Type: store.ParseStoreType(storeType),
+		Redis: store.RedisOptions{
+			Addr:     redisAddr,
+			Password: redisPassword,
+			DB:       redisDB,
+		},
+	}
+
+	oauthStore, err := store.NewStore(storeConfig)
+	if err != nil {
+		slog.Error("Failed to create store", "type", storeType, "error", err)
+		os.Exit(1)
+	}
+
+	// Log the store type being used
+	switch storeConfig.Type {
+	case store.StoreTypeMemory:
+		slog.Info("Using in-memory store")
+	case store.StoreTypeRedis:
+		slog.Info("Using Redis store", "addr", redisAddr, "db", redisDB)
+		// Ensure Redis connection is closed on shutdown
+		if redisStore, ok := oauthStore.(*store.RedisStore); ok {
+			defer redisStore.Close()
+		}
+	}
 
 	mcpServer := NewMCPServer()
 	router := gin.Default()
@@ -187,7 +220,7 @@ func main() {
 		}
 
 		// Get client
-		client, err := memoryStore.GetClient(c.Request.Context(), clientID)
+		client, err := oauthStore.GetClient(c.Request.Context(), clientID)
 		if err != nil {
 			c.JSON(http.StatusBadRequest, gin.H{"error": "invalid client_id"})
 			return
@@ -228,7 +261,7 @@ func main() {
 			CreatedAt:           time.Now().Unix(),
 			ExpiresAt:           time.Now().Add(10 * time.Minute).Unix(),
 		}
-		if err := memoryStore.SaveAuthorizationCode(c.Request.Context(), authCode); err != nil {
+		if err := oauthStore.SaveAuthorizationCode(c.Request.Context(), authCode); err != nil {
 			c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
 			return
 		}
@@ -268,7 +301,7 @@ func main() {
 			}
 
 			// Validate client credentials
-			client, err := memoryStore.GetClient(c.Request.Context(), clientID)
+			client, err := oauthStore.GetClient(c.Request.Context(), clientID)
 			if err != nil {
 				c.JSON(http.StatusBadRequest, gin.H{"error": "invalid client_id"})
 				return
@@ -281,7 +314,7 @@ func main() {
 			}
 
 			// Get authorization code
-			authCode, err := memoryStore.GetAuthorizationCode(c.Request.Context(), clientID)
+			authCode, err := oauthStore.GetAuthorizationCode(c.Request.Context(), clientID)
 			if err != nil || authCode == nil {
 				c.JSON(http.StatusBadRequest, gin.H{"error": "invalid code"})
 				return
@@ -345,7 +378,7 @@ func main() {
 			)
 
 			// Delete authorization code
-			if err := memoryStore.DeleteAuthorizationCode(c.Request.Context(), clientID); err != nil {
+			if err := oauthStore.DeleteAuthorizationCode(c.Request.Context(), clientID); err != nil {
 				c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to delete authorization code", "details": err.Error()})
 				return
 			}
@@ -394,7 +427,7 @@ func main() {
 				ClientSecretExpiresAt: time.Now().Add(1 * time.Minute).Unix(),
 			}
 
-			err := memoryStore.CreateClient(context.Background(), client)
+			err := oauthStore.CreateClient(context.Background(), client)
 			if err != nil {
 				c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to create client", "details": err.Error()})
 				return
 
@@ -8,6 +8,7 @@ require (
 	github.com/gin-gonic/gin v1.11.0
 	github.com/google/uuid v1.6.0
 	github.com/mark3labs/mcp-go v0.40.0
+	github.com/redis/rueidis v1.0.66
 	go.opentelemetry.io/otel v1.38.0
 	go.opentelemetry.io/otel/trace v1.38.0
 	golang.org/x/oauth2 v0.31.0
 
@@ -57,6 +57,8 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8=
+github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY=
 github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
 github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -65,6 +67,8 @@ github.com/quic-go/qpack v0.5.1 h1:giqksBPnT/HDtZ6VhtFKgoLOWmlyo9Ei6u9PqzIMbhI=
 github.com/quic-go/qpack v0.5.1/go.mod h1:+PC4XFrEskIVkcLzpEkbLqq1uCoxPhQuvK5rH1ZgaEg=
 github.com/quic-go/quic-go v0.54.1 h1:4ZAWm0AhCb6+hE+l5Q1NAL0iRn/ZrMwqHRGQiFwj2eg=
 github.com/quic-go/quic-go v0.54.1/go.mod h1:e68ZEaCdyviluZmy44P6Iey98v/Wfz6HCjQEm+l8zTY=
+github.com/redis/rueidis v1.0.66 h1:7rvyrl0vL/cAEkE97+L5v3MJ3Vg8IKz+KIxUTfT+yJk=
+github.com/redis/rueidis v1.0.66/go.mod h1:Lkhr2QTgcoYBhxARU7kJRO8SyVlgUuEkcJO1Y8MCluA=
 github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/spf13/cast v1.10.0 h1:h2x0u2shc1QuLHfxi+cTJvs30+ZAHOGRic8uyGTDWxY=