oauth_cognito_mcp_server/
oauth_cognito_mcp_server.rs

1use oauth_provider_rs::{CognitoOAuthConfig, CognitoOAuthProvider};
2use remote_mcp_kernel::{
3    config::Config, error::AppResult, microkernel::create_full_cognito_microkernel,
4};
5use tracing_subscriber::{layer::SubscriberExt, util::SubscriberInitExt};
6
/// Entry point: loads configuration, installs tracing, builds the Cognito OAuth
/// provider and serves the composed microkernel on the configured address.
///
/// # Errors
///
/// Propagates failures from `Config::from_env`, `init_tracing`,
/// `Config::bind_socket_addr` and `serve`.
#[tokio::main]
async fn main() -> AppResult<()> {
    // Best effort: the Result of loading a `.env` file is discarded, so a missing
    // or unreadable file does not stop startup.
    dotenv::dotenv().ok();

    let config = Config::from_env()?;
    init_tracing(&config)?;

    tracing::info!("Starting MCP OAuth server with Cognito and microkernel architecture...");

    // NOTE(review): nothing in this function rejects an empty client ID, domain,
    // region or user pool ID; `log_startup_info` only reports them as
    // "Not configured". Confirm that `Config::from_env` validates them.
    let cognito = &config.cognito;
    let oauth_provider = CognitoOAuthProvider::new_cognito(
        CognitoOAuthConfig {
            client_id: cognito.client_id.clone(),
            // An absent secret is passed on as the type's default value (an empty
            // string if this is `Option<String>`); presumably the provider treats
            // that as a public client. TODO confirm against the provider.
            client_secret: cognito.client_secret.clone().unwrap_or_default(),
            redirect_uri: cognito.redirect_uri.clone(),
            scope: cognito.scope.clone(),
            provider_name: "cognito".to_string(),
        },
        cognito.cognito_domain.clone(),
        cognito.region.clone(),
        cognito.user_pool_id.clone(),
    );

    // Human-readable banner on stdout (the secret itself is not printed there).
    log_startup_info(&config);

    // Compose all handlers around the provider, then serve until the server stops.
    let server = create_full_cognito_microkernel(oauth_provider);
    let listen_on = config.bind_socket_addr()?;
    server.serve(listen_on).await?;

    Ok(())
}
47
/// Installs the global tracing subscriber: a level filter plus the default
/// `fmt` layer.
///
/// The filter is taken from the default environment variable (`RUST_LOG`) when
/// `EnvFilter::try_from_default_env` succeeds; otherwise the directives come
/// from `config.logging.level`.
///
/// Always returns `Ok(())`.
///
/// # Panics
///
/// `init()` panics if a global subscriber has already been installed.
fn init_tracing(config: &Config) -> AppResult<()> {
    let filter: tracing_subscriber::EnvFilter =
        match tracing_subscriber::EnvFilter::try_from_default_env() {
            Ok(from_env) => from_env,
            // Environment filter missing or invalid: fall back to the configured level.
            Err(_) => config.logging.level.as_str().into(),
        };

    tracing_subscriber::registry()
        .with(filter)
        .with(tracing_subscriber::fmt::layer())
        .init();

    Ok(())
}
59
/// Prints a startup banner to stdout: the effective configuration, the composed
/// handlers, the expected environment variables and the Cognito OAuth 2.0
/// endpoint URLs.
///
/// The client ID and client secret are reported only as configured or not; their
/// values are never printed. The banner is written with `println!`, not through
/// `tracing`, so the log filter set up in `init_tracing` does not apply to it.
fn log_startup_info(config: &Config) {
    /// Returns `value` unchanged, or a placeholder when it is empty.
    fn or_unset(value: &str) -> &str {
        if value.is_empty() {
            "Not configured"
        } else {
            value
        }
    }

    let cognito = &config.cognito;

    // Presence flags only: neither credential value reaches the output.
    let client_id_state = if cognito.client_id.is_empty() {
        "Not configured"
    } else {
        "Configured"
    };
    let client_secret_state =
        if matches!(&cognito.client_secret, Some(secret) if !secret.is_empty()) {
            "Configured"
        } else {
            "Not configured (Public Client)"
        };

    println!("🚀 Starting MCP OAuth server with Cognito and microkernel architecture...");
    println!("📋 Configuration:");
    println!("  - Architecture: Microkernel (independent handlers)");
    println!("  - OAuth Provider: AWS Cognito");
    println!("  - Server: {}:{}", config.server.host, config.server.port);
    println!("  - Version: {}", config.server.version);
    println!("  - Cognito Client ID: {}", client_id_state);
    println!("  - Cognito Client Secret: {}", client_secret_state);
    println!("  - Cognito Domain: {}", or_unset(&cognito.cognito_domain));
    println!("  - Cognito Region: {}", or_unset(&cognito.region));
    println!("  - Cognito User Pool ID: {}", or_unset(&cognito.user_pool_id));
    println!("  - Cognito Scopes: {}", cognito.scope);

    println!("🔧 Handlers:");
    println!("  - OAuth Provider (Cognito authentication & authorization)");
    println!("  - Streamable HTTP Handler (MCP over HTTP)");
    println!("  - SSE Handler (MCP over SSE)");
    println!();

    println!("🔐 Required Environment Variables:");
    println!("  - COGNITO_CLIENT_ID: Your Cognito app client ID");
    println!(
        "  - COGNITO_CLIENT_SECRET: Your Cognito app client secret (optional for public clients)"
    );
    println!(
        "  - COGNITO_DOMAIN: Your Cognito domain (e.g., mydomain.auth.us-east-1.amazoncognito.com)"
    );
    println!("  - COGNITO_REGION: AWS region (e.g., us-east-1)");
    println!("  - COGNITO_USER_POOL_ID: Your Cognito user pool ID (e.g., us-east-1_XXXXXXXXX)");
    println!("  - COGNITO_SCOPE: OAuth scopes (default: 'openid email profile phone')");
    println!("  - MCP_HOST: Server host (default: localhost)");
    println!("  - MCP_PORT: Server port (default: 8080)");
    println!();

    // NOTE(review): unlike the "Cognito Domain" line above, these URLs are
    // formatted even when the domain is empty, which yields `https:///oauth2/...`.
    let domain = &cognito.cognito_domain;
    println!("🌐 OAuth 2.0 Endpoints:");
    println!("  - Authorization: https://{}/oauth2/authorize", domain);
    println!("  - Token: https://{}/oauth2/token", domain);
    println!("  - JWKS: https://{}/oauth2/jwks", domain);
    println!("  - UserInfo: https://{}/oauth2/userInfo", domain);
    println!();
}