Bring-Your-Own OAuth Access Token Over Stdio

[minznerjosh]

I wanted to get some thoughts from the project maintainers about the idea of being able to pass your own OAuth Access Token as a argument/env var when running the server over stdio.

The context is that I've developed an MCP Gateway for my organization that handles running MCP servers over stdio in the cloud and exposing access to them via HTTP + SSE. The gateway gives each session its own instance of the MCP Server. It also supports secrets and oauth credential management. The gateway manages the oauth flow, refreshing tokens in the background, restarting the MCP Server when the access token is refreshed, etc. And then it provides a way to pass these tokens to MCP servers when spinning them up.

For many services, PAT/API Keys/etc. are interchangeable with OAuth access tokens from an API perspective. So even if an MCP Server's docs say to provide an API Key/PAT, I can just pass an access token and it "just works."

I was hoping to be able to use the PAT mechanism to pass my access tokens to this MCP Server, but so far I've identified two issues:

• I'm using Atlassian Cloud, and the env var validation therefore prevents from providing a PAT
• From what I've seen reading your OAuth code, the API endpoints for OAuth are actually different than when using a PAT?

So I'd like to get a sense of:

• Would you welcome a contribution to enable my use case, or is it too much of a special case to warrant inclusion?
• If so, are there any gotchas/tricky bits you can think of that will make this especially challenging?
  • My initial thinking is to have a new env var ATLASSIAN_OAUTH_ACCESS_TOKEN. When that's provided alongside ATLASSIAN_OAUTH_CLOUD_ID, it sets config.auth_type to oauth but instead of creating/passing a session to the client, it just passes the ATLASSIAN_OAUTH_ACCESS_TOKEN value as token instead.