oauth_cognito_mcp_server/
oauth_cognito_mcp_server.rs

1use remote_mcp_kernel::{config::Config, error::AppResult, microkernel::create_full_cognito_microkernel};
2use oauth_provider_rs::{CognitoOAuthConfig, CognitoOAuthProvider};
3use tracing_subscriber::{layer::SubscriberExt, util::SubscriberInitExt};
4
/// Entry point: loads configuration, installs tracing, builds the Cognito OAuth
/// provider and serves the composed microkernel on the configured socket address.
///
/// # Errors
///
/// Propagates failures from `Config::from_env`, `init_tracing`,
/// `Config::bind_socket_addr` and `serve`.
#[tokio::main]
async fn main() -> AppResult<()> {
    // `.ok()` discards the result, so a failure to load a dotenv file is ignored
    // and the process falls back to whatever is already in the environment.
    dotenv::dotenv().ok();

    let config = Config::from_env()?;
    init_tracing(&config)?;

    tracing::info!("Starting MCP OAuth server with Cognito and microkernel architecture...");

    let cognito = &config.cognito;
    let oauth_provider = CognitoOAuthProvider::new_cognito(
        CognitoOAuthConfig {
            client_id: cognito.client_id.clone(),
            // An unset secret becomes the empty string here; the startup summary
            // reports that case as a public client.
            // NOTE(review): confirm the provider treats "" as "no secret" rather
            // than sending an empty credential to the token endpoint.
            client_secret: cognito.client_secret.clone().unwrap_or_default(),
            redirect_uri: cognito.redirect_uri.clone(),
            scope: cognito.scope.clone(),
            provider_name: String::from("cognito"),
        },
        cognito.cognito_domain.clone(),
        cognito.region.clone(),
        cognito.user_pool_id.clone(),
    );

    // The summary is printed before the listener is bound, so it appears even
    // when binding fails afterwards.
    log_startup_info(&config);

    let server = create_full_cognito_microkernel(oauth_provider);
    let listen_on = config.bind_socket_addr()?;
    server.serve(listen_on).await?;

    Ok(())
}
45
/// Installs the global tracing subscriber: an env-driven filter plus the default
/// formatting layer.
///
/// The filter is taken from the default environment variable when it parses;
/// otherwise it is built from `config.logging.level`. The function itself always
/// returns `Ok(())`.
fn init_tracing(config: &Config) -> AppResult<()> {
    // The environment takes precedence; any error reading or parsing it falls
    // back to the configured level.
    let filter: tracing_subscriber::EnvFilter =
        match tracing_subscriber::EnvFilter::try_from_default_env() {
            Ok(from_env) => from_env,
            Err(_) => config.logging.level.as_str().into(),
        };

    tracing_subscriber::registry()
        .with(filter)
        .with(tracing_subscriber::fmt::layer())
        .init();

    Ok(())
}
57
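/// Prints a human-readable startup summary to stdout: server address, Cognito
/// settings, the composed handlers, the environment variables that are read,
/// and the OAuth 2.0 endpoints derived from the configuration.
///
/// The client ID and client secret are never echoed; only their presence is
/// reported. The Cognito domain, region, user pool ID and scopes are printed
/// verbatim, so they end up in whatever captures this process's stdout.
///
/// Endpoints that cannot be derived because a setting is empty are shown as
/// "Not configured" instead of a malformed URL such as `https:///oauth2/token`.
fn log_startup_info(config: &Config) {
    let cognito = &config.cognito;

    // Presence only: the secret value itself must not reach the log.
    let secret_state = match &cognito.client_secret {
        Some(secret) if !secret.is_empty() => "Configured",
        _ => "Not configured (Public Client)",
    };

    // Endpoints served from the user pool's hosted domain.
    let hosted_endpoint = |path: &str| -> String {
        if cognito.cognito_domain.is_empty() {
            "Not configured".to_string()
        } else {
            format!("https://{}{}", cognito.cognito_domain, path)
        }
    };

    // Cognito publishes a user pool's signing keys under the regional
    // `cognito-idp` host, keyed by pool ID, not under the hosted domain
    // (URL form for the standard AWS partition).
    let jwks_endpoint = if cognito.region.is_empty() || cognito.user_pool_id.is_empty() {
        "Not configured".to_string()
    } else {
        format!(
            "https://cognito-idp.{}.amazonaws.com/{}/.well-known/jwks.json",
            cognito.region, cognito.user_pool_id
        )
    };

    println!("🚀 Starting MCP OAuth server with Cognito and microkernel architecture...");
    println!("📋 Configuration:");
    println!("  - Architecture: Microkernel (independent handlers)");
    println!("  - OAuth Provider: AWS Cognito");
    println!("  - Server: {}:{}", config.server.host, config.server.port);
    println!("  - Version: {}", config.server.version);
    println!(
        "  - Cognito Client ID: {}",
        if cognito.client_id.is_empty() {
            "Not configured"
        } else {
            "Configured"
        }
    );
    println!("  - Cognito Client Secret: {}", secret_state);
    println!(
        "  - Cognito Domain: {}",
        shown_or_unset(&cognito.cognito_domain)
    );
    println!("  - Cognito Region: {}", shown_or_unset(&cognito.region));
    println!(
        "  - Cognito User Pool ID: {}",
        shown_or_unset(&cognito.user_pool_id)
    );
    println!("  - Cognito Scopes: {}", cognito.scope);
    println!("🔧 Handlers:");
    println!("  - OAuth Provider (Cognito authentication & authorization)");
    println!("  - Streamable HTTP Handler (MCP over HTTP)");
    println!("  - SSE Handler (MCP over SSE)");
    println!();
    println!("🔐 Required Environment Variables:");
    println!("  - COGNITO_CLIENT_ID: Your Cognito app client ID");
    println!(
        "  - COGNITO_CLIENT_SECRET: Your Cognito app client secret (optional for public clients)"
    );
    println!(
        "  - COGNITO_DOMAIN: Your Cognito domain (e.g., mydomain.auth.us-east-1.amazoncognito.com)"
    );
    println!("  - COGNITO_REGION: AWS region (e.g., us-east-1)");
    println!("  - COGNITO_USER_POOL_ID: Your Cognito user pool ID (e.g., us-east-1_XXXXXXXXX)");
    println!("  - COGNITO_SCOPE: OAuth scopes (default: 'openid email profile phone')");
    println!("  - MCP_HOST: Server host (default: localhost)");
    println!("  - MCP_PORT: Server port (default: 8080)");
    println!();
    println!("🌐 OAuth 2.0 Endpoints:");
    println!("  - Authorization: {}", hosted_endpoint("/oauth2/authorize"));
    println!("  - Token: {}", hosted_endpoint("/oauth2/token"));
    println!("  - JWKS: {}", jwks_endpoint);
    println!("  - UserInfo: {}", hosted_endpoint("/oauth2/userInfo"));
    println!();
}

/// Returns `value` unchanged, or the placeholder "Not configured" when it is empty.
fn shown_or_unset(value: &str) -> &str {
    if value.is_empty() {
        "Not configured"
    } else {
        value
    }
}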