Commit 7813b50

Add OAuth authentication documentation
- Document OAuth 2.1 PKCE flow for stdio mode
- Include setup instructions for GitHub OAuth apps
- Document environment variables and CLI flags
- Add usage examples with custom scopes
- Note that OAuth is stdio-only (not for remote server)

Co-authored-by: SamMorrowDrums <4811358+SamMorrowDrums@users.noreply.github.com>
1 parent 13f9216 commit 7813b50

1 file changed: +36 -0 lines changed

README.md

Lines changed: 36 additions & 0 deletions
@@ -186,6 +186,42 @@ To keep your GitHub PAT secure and reusable across different MCP hosts:
186186

187187
</details>
188188

189+
### OAuth Authentication (stdio mode)
190+
191+
For stdio mode (local binary execution), you can use OAuth 2.1 with PKCE instead of a Personal Access Token. This provides an interactive browser-based login flow.
192+
193+
#### Prerequisites for OAuth
194+
195+
1. Create a GitHub OAuth App at [https://github.com/settings/developers](https://github.com/settings/developers)
196+
- Set the callback URL to `http://localhost` (the actual port will be dynamically assigned)
197+
- For public clients, you can use PKCE without a client secret
198+
199+
2. Set your OAuth app credentials:
200+
```bash
201+
export GITHUB_OAUTH_CLIENT_ID=your_client_id
202+
export GITHUB_OAUTH_CLIENT_SECRET=your_client_secret # Optional for public clients with PKCE
203+
```
204+
205+
3. Run the server without a PAT:
206+
```bash
207+
./github-mcp-server stdio
208+
```
209+
210+
The server will automatically detect the OAuth configuration and launch your browser for authorization. After you approve, the server will receive the token and start normally.
211+
212+
#### OAuth Configuration Options
213+
214+
- `--oauth-client-id` / `GITHUB_OAUTH_CLIENT_ID` - Your GitHub OAuth app client ID (required for OAuth flow)
215+
- `--oauth-client-secret` / `GITHUB_OAUTH_CLIENT_SECRET` - Your client secret (optional, PKCE is used)
216+
- `--oauth-scopes` / `GITHUB_OAUTH_SCOPES` - Comma-separated list of scopes (defaults: `repo,user,gist,notifications,read:org,project`)
217+
218+
Example with custom scopes:
219+
```bash
220+
./github-mcp-server stdio --oauth-client-id YOUR_CLIENT_ID --oauth-scopes repo,user
221+
```
222+
223+
> **Note**: OAuth authentication is only available in stdio mode. For remote server usage, use Personal Access Tokens as described above.
224+
189225
### GitHub Enterprise Server and Enterprise Cloud with data residency (ghe.com)
190226

191227
The flag `--gh-host` and the environment variable `GITHUB_HOST` can be used to set
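
Review bot: The `--oauth-scopes` entry documents a default of `repo,user,gist,notifications,read:org,project` with no guidance on narrowing it, so anyone who follows steps 1 to 3 as written authorizes a token with write access to repositories, profile data and gists. Suggest adding a sentence beside the defaults that recommends the smallest scope set the enabled tools need, and making the "Example with custom scopes" command show a genuinely reduced set, since `repo,user` is still read/write on both. Two smaller points in the same section: the prerequisites set the callback URL to `http://localhost` with a dynamically assigned port, so it is worth stating that the listener binds to the loopback interface only; and the text says the server "will receive the token" without saying whether it is held in memory or written to disk, which readers need in order to compare this flow with the PAT storage advice directly above.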
