modelcontextprotocol · sridharavinash · May 30, 2025 · May 29, 2025 · May 29, 2025 · May 30, 2025
diff --git a/tools/publisher/README.md b/tools/publisher/README.md
@@ -1,6 +1,6 @@
 # MCP Registry Publisher Tool
 
-The MCP Registry Publisher Tool is designed to publish Model Context Protocol (MCP) server details to an MCP registry. This tool currently only handles GitHub authentication via device flow and manages the publishing process.
+The MCP Registry Publisher Tool is designed to publish Model Context Protocol (MCP) server details to an MCP registry. This tool uses GitHub OAuth device flow authentication to securely manage the publishing process.
 
 ## Building the Tool
 
@@ -20,29 +20,30 @@ The compiled binary will be placed in the `bin` directory.
 
 ```bash
 # Basic usage
-./bin/mcp-publisher --registry-url <REGISTRY_URL> --mcp-file <PATH_TO_MCP_FILE>
+./bin/mcp-publisher -registry-url <REGISTRY_URL> -mcp-file <PATH_TO_MCP_FILE>
 
 # Force a new login even if a token exists
-./bin/mcp-publisher --registry-url <REGISTRY_URL> --mcp-file <PATH_TO_MCP_FILE> --login
+./bin/mcp-publisher -registry-url <REGISTRY_URL> -mcp-file <PATH_TO_MCP_FILE> -login
 ```
 
 ### Command-line Arguments
 
-- `--registry-url`: URL of the MCP registry (required)
-- `--mcp-file`: Path to the MCP configuration file (required)
-- `--login`: Force a new GitHub authentication even if a token already exists (overwrites existing token file)
-- `--token`: Use the provided token instead of GitHub authentication (bypasses the device flow)
+- `-registry-url`: URL of the MCP registry (required)
+- `-mcp-file`: Path to the MCP configuration file (required)
+- `-login`: Force a new GitHub authentication even if a token already exists (overwrites existing token file)
+- `-auth-method`: Authentication method to use (default: github-oauth)
 
 ## Authentication
 
-The tool uses GitHub device flow authentication:
-1. The tool automatically retrieves the GitHub Client ID from the registry's health endpoint
-2. When first run (or with `--login` flag), the tool will initiate the GitHub device flow
-3. You'll be provided with a URL and a code to enter
-4. After successful authentication, the tool saves the token locally for future use
-5. The token is sent in the HTTP Authorization header with the Bearer scheme
+The tool has been simplified to use **GitHub OAuth device flow authentication exclusively**. Previous versions supported multiple authentication methods, but this version focuses solely on GitHub OAuth for better security and user experience.
 
-_NOTE_ : Authentication is made on behalf of a OAuth App which you must authorize for respective resources (e.g `org`)
+1. **Automatic Setup**: The tool automatically retrieves the GitHub Client ID from the registry's health endpoint
+2. **First Run Authentication**: When first run (or with the `--login` flag), the tool initiates the GitHub device flow
+3. **User Authorization**: You'll be provided with a URL and a verification code to enter on GitHub
+4. **Token Storage**: After successful authentication, the tool saves the access token locally in `.mcpregistry_token` for future use
+5. **Secure Communication**: The token is sent in the HTTP Authorization header with the Bearer scheme for all registry API calls
+
+**Note**: Authentication is performed via GitHub OAuth App, which you must authorize for the respective resources (e.g., organization access if publishing organization repositories).
 
 ## Example
 
@@ -98,7 +99,9 @@ _NOTE_ : Authentication is made on behalf of a OAuth App which you must authoriz
 
 ## Important Notes
 
-- The GitHub Client ID is automatically retrieved from the registry's health endpoint
-- The authentication token is saved in a file named `.mcpregistry_token` in the current directory
-- The tool requires an active internet connection to authenticate with GitHub and communicate with the registry
-- Make sure the repository and package mentioned in your `mcp.json` file exist and are accessible
+- **GitHub Authentication Only**: The tool exclusively uses GitHub OAuth device flow for authentication
+- **Automatic Client ID**: The GitHub Client ID is automatically retrieved from the registry's health endpoint
+- **Token Storage**: The authentication token is saved in `.mcpregistry_token` in the current directory
+- **Internet Required**: Active internet connection needed for GitHub authentication and registry communication
+- **Repository Access**: Ensure the repository and package mentioned in your `mcp.json` file exist and are accessible
+- **OAuth Permissions**: You may need to grant the OAuth app access to your GitHub organizations if publishing org repositories
diff --git a/tools/publisher/auth/README.md b/tools/publisher/auth/README.md
@@ -0,0 +1,104 @@
+# Authentication System
+
+The publisher tool now uses an interface-based authentication system that allows for multiple authentication mechanisms.
+
+## Architecture
+
+### Provider Interface
+
+The `Provider` interface is defined in `auth/interface.go` and provides the following methods:
+
+- `GetToken(ctx context.Context) (string, error)` - Retrieves or generates an authentication token
+- `NeedsLogin() bool` - Checks if a new login flow is required
+- `Login(ctx context.Context) error` - Performs the authentication flow
+- `Name() string` - Returns the name of the authentication provider
+
+### Available Authentication Providers
+
+#### 1. GitHub OAuth Provider
+- **Location**: `auth/github/oauth.go`
+- **Usage**: Uses GitHub's device flow for authentication
+- **Example**: `github.NewOAuthProvider(forceLogin, registryURL)`
+
+
+## How to Add New Authentication Providers
+
+1. Create a new package under `auth/` directory (e.g., `auth/custom/`)
+2. Implement the `Provider` interface
+3. Add any necessary configuration or initialization functions
+4. Update the main application to use the new provider
+
+### Example Implementation
+
+```go
+package custom
+
+import (
+    "context"
+    "fmt"
+)
+
+type CustomProvider struct {
+    // your custom fields
+}
+
+func NewCustomProvider(config string) *CustomProvider {
+    return &CustomProvider{
+        // initialize your provider
+    }
+}
+
+func (cp *CustomProvider) GetToken(ctx context.Context) (string, error) {
+    // implement token retrieval logic
+    return "custom-token", nil
+}
+
+func (cp *CustomProvider) NeedsLogin() bool {
+    // implement login check logic
+    return false
+}
+
+func (cp *CustomProvider) Login(ctx context.Context) error {
+    // implement authentication flow
+    return nil
+}
+
+func (cp *CustomProvider) Name() string {
+    return "custom-auth"
+}
+```
+
+## Usage in Main Application
+
+The main application automatically selects the appropriate authentication provider:
+
+1. Uses `GitHub OAuth Provider` by default
+2. Future providers can be added by extending the provider selection logic
+
+```go
+// Create the appropriate auth provider based on configuration
+var authProvider auth.Provider
+switch authMethod {
+case "github-oauth":
+    log.Println("Using GitHub OAuth for authentication")
+    authProvider = github.NewOAuthProvider(forceLogin, registryURL)
+default:
+    log.Printf("Unsupported authentication method: %s\n", authMethod)
+    return
+}
+
+// Check if login is needed and perform authentication
+ctx := context.Background()
+if authProvider.NeedsLogin() {
+    err := authProvider.Login(ctx)
+    if err != nil {
+        log.Printf("Failed to authenticate with %s: %s\n", authProvider.Name(), err.Error())
+        return
+    }
+}
+
+// Get the token
+token, err := authProvider.GetToken(ctx)
+```
+
+This design allows for easy extension and testing of different authentication mechanisms while maintaining a clean separation of concerns.