Getting ready for secure MCP with Quarkus MCP Server

[giscus[bot]]

Getting ready for secure MCP with Quarkus MCP Server

Quarkus: Supersonic Subatomic Java

https://quarkus.io/blog/secure-mcp-sse-server/

[lmccay]

This is almost the topic that I needed at the moment and definitely one that I need a little later. :)
I am looking to have my MCP Server authenticate to a remote API using the OAuth client credentials flow with a client_id and client_secret. It doesn't seem to be able to recognize the quarkus.oidc.grant.type application property even though I seem to have quarkus-oidc-client added properly. Does anyone have any experience with this?

[sberyozkin]

@lmccay client_credentials is for MCP client to acquire a token and send it to MCP server in a server to server use case, with no user authentication. As far as MCP server is concerned, it does not really mind how the access token was acquired, it deals with verifying such tokens.

Note MCP server relies on quarlus-oidc which supports either an authorization code flow or a bearer token verification.

quarkus-oidc-client is another extension for acquiring tokens with grants like client_credentials that Quarkus MCP client may support in the future, but it is not relevant to the work of Quarkus MCP server. The property you mentioned is indeed not available in the quarkus.oidc namespace, but only in the quarkus.oidc-client one.

Does it clarify it ?

[lmccay]

Yes, I think that I am aware of that. I am not concerned with the current use of my MCP Server by my colocated Goose Agent and do not require authentication there YET. I am however creating an MCP Server that must authenticate to another external API in order to fulfill the MCP client's request as part of the Tool implementation. I was using username and password in the application properties and wanted to replace them with client_id and client_secret and to acquire a JWT access token to use for API calls to the external API.

Therefore, I think that I want to use quarkus-oidc-client inside the MCP Server. Is there a conflict between the MCP Server's use of quarkus-oidc as you indicate above and needing to add the client side as well? I have included the quarkus-oidc-client in the pom file so I expected it to work.

[lmccay]

I've gotten further by changing the grant.type to "quarkus.oidc-client=client" - didn't realize at first that you were saying that. Thank you!

[sberyozkin]

@lmccay Sure, makes sense. Indeed, you can combine oidc-client and oidc extensions as they serve different roles

[jacobhm98]

From here:
"MCP servers MUST implement the OAuth 2.0 Protected Resource Metadata (RFC9728) specification to indicate the locations of authorization servers. The Protected Resource Metadata document returned by the MCP server MUST include the authorization_servers field containing at least one authorization server."

Is it correct that this .well-known/oauth-protected-resource endpoint is not implemented automatically by the quarkus-oidc SDK? Is there a recommended way to accomplish this? Or should I just manually create a .well-known/oauth-protected-resource endpoint in my MCP server?

[sberyozkin]

@jacobhm98

Is it correct that this .well-known/oauth-protected-resource endpoint is not implemented automatically by the quarkus-oidc SDK?

We've implemented it for Quarkus 3.25: #48734, 3.25 CR1 will be released shortly.

FYI, it is only relevant if you are using an MCP client that has implemented the latest stable MCP authorization spec and which insists on the MCP server providing authorization_servers metadata. Also even though this is a must there, I'm pretty sure a lot of MCP clients will allow to configure themselves directly...

If really needed (for ex, you will not be able to move to Quarkus 3.25 in the short term), you can easily create a similar handler by copying and pasting that code, but indeed, if the MCP client is not enforcing it then it should not be necessary

[jacobhm98]

Great! Im building an MCP server with quarkus that will definitely need this right now, still in dev mode so we can probably wait for 3.25. When do you guess this will be released?

[sberyozkin]

@jacobhm98 Sounds good, 3.25.CR1 is scheduled for tomorrow: https://github.com/quarkusio/quarkus/wiki/Release-Planning

[jacobhm98]

🥳

[abvaidya]

@sberyozkin Thank you for this feature, I am observing that claude code and cursor both fail to properly handle 401 with empty response body. I was trying to use Authentication Exception handler but that doesn't seem to come into effect. Do you have any recommendations for this problem?

[abvaidya]

Quarkus version: 3.25.3

When I make a request to my mcp server without a token, quarkus correctly returns 401 with resource metadata url based on

but the response doesnt contain auth-server, the way documentation mentions at https://quarkus.io/guides/security-oidc-expanded-configuration#resource-metadata-properties
and cursor is not able to handle non-json response ( I am assuming its expecting a json response with some error etc. )

 
quarkus:
  oidc:
    auth-server-url: "https://autorization-server"
    resource-metadata:
      enabled: true
      resource: "https://${server.host}/.well-known/oauth-protected-resource"

# sample response
❯ curl -i https://my-mcp-server/mcp
HTTP/2 401
www-authenticate: Bearer resource_metadata="https://my-mcp-server/.well-known/oauth-protected-resource"
content-length: 0


# cursor output
2025-10-29 20:37:06.478 [info] Handling CreateClient action
2025-10-29 20:37:06.478 [info] Creating streamableHttp transport
2025-10-29 20:37:06.478 [info] Connecting to streamableHttp server
2025-10-29 20:37:06.478 [info] No stored tokens found
2025-10-29 20:37:09.082 [info] No stored client information found
2025-10-29 20:37:09.084 [info] Using redirect URL {"url":"cursor://anysphere.cursor-mcp/oauth/user-my-mcp-server/callback"}
2025-10-29 20:37:09.562 [error] Client error for command HTTP 401: Invalid OAuth error response: SyntaxError: Unexpected end of JSON input. Raw body: 
2025-10-29 20:37:09.563 [info] Client closed for command
2025-10-29 20:37:09.563 [error] Error connecting to streamableHttp server, falling back to SSE: HTTP 401: Invalid OAuth error response: SyntaxError: Unexpected end of JSON input. Raw body: 
2025-10-29 20:37:09.563 [error] Error connecting to streamableHttp server, falling back to SSE: HTTP 401: Invalid OAuth error response: SyntaxError: Unexpected end of JSON input. Raw body: 
2025-10-29 20:37:09.563 [info] Connecting to SSE server
2025-10-29 20:37:09.564 [info] No stored tokens found
2025-10-29 20:37:11.082 [info] No stored client information found
2025-10-29 20:37:11.083 [info] Using redirect URL {"url":"cursor://anysphere.cursor-mcp/oauth/user-my-mcp-server/callback"}
2025-10-29 20:37:11.705 [error] Client error for command HTTP 401: Invalid OAuth error response: SyntaxError: Unexpected end of JSON input. Raw body: 
2025-10-29 20:37:11.705 [error] Error connecting to SSE server after fallback: HTTP 401: Invalid OAuth error response: SyntaxError: Unexpected end of JSON input. Raw body:

[sberyozkin]

@abvaidya

I am still trying to resolve the error "oauth authorization error: unexpected error occurred: TypeError: Failed to fetch" when control comes back to the http://localhost:xxxx callback in the MCP inspectorcan you

That rings a bell, make sure CORS is enabled, see an IMPORTANT note that we added at https://docs.quarkiverse.io/quarkus-mcp-server/dev/index.html#_security, you can copy and paste that one and that will work with MCP inspector

[abvaidya]

aha! i had added cors based on the blog but yes that WAS the problem with the error in the inspector. Thank you so much! I really appreciate it.

[abvaidya]

I spoke too soon :(
I dont know if its the inspector that is misbehaving but I am receiving /authorize and /token calls on my mcp server as opposed to on my authorization server. Have you come across something like this?

[sberyozkin]

@abvaidya That might happen if your https://autorization-server is co-located with the MCP server or if it does not respond to MCP inspector trying the fetch its metadata, some authorization servers support .well-known/openid-configuration only, latest MCP spec talks about .well-known/oauth-authorization-server, though the draft mentions both options.

But in any case as long as Quarkus MCP server returns a correct authorization server URL in its protected resource metadata response, it is up to the MCP inspector to resolve it correctly. Try 0.16.7 which definitely worked for me, check the browser dev tools, hope you'll sort it out correctly.

If necessary, Quarkus OIDC proxy can help to resolve the MCP Client and the authorization server integration issues

[abvaidya]

Thank you for the suggestion. it was cors just that i had a typo which i figured a little late. I was able to finish the guided oauth flow successfully in the inspector.

oidc proxy is very interesting!