oauth_cognito_mcp_server/
oauth_cognito_mcp_server.rs

1use oauth_provider_rs::CognitoOAuthProvider;
2use remote_mcp_kernel::{
3    config::{
4        get_bind_socket_addr, get_cognito_domain, get_cognito_oauth_provider_config,
5        get_cognito_region, get_cognito_user_pool_id, get_logging_level,
6    },
7    error::AppResult,
8    microkernel::create_full_cognito_microkernel,
9};
10use tracing_subscriber::{layer::SubscriberExt, util::SubscriberInitExt};
11
/// Entry point: reads configuration, builds the Cognito OAuth provider, and
/// serves the composed microkernel on the configured socket address.
///
/// # Errors
/// Returns early when `init_tracing`, any of the Cognito configuration getters,
/// the bind-address lookup, or the server itself reports an error.
#[tokio::main]
async fn main() -> AppResult<()> {
    // Best-effort `.env` load: the result is discarded, so a missing or
    // unreadable file is not an error and settings then come from the process
    // environment only.
    let _ = dotenv::dotenv();

    // Install the tracing subscriber before anything else logs.
    init_tracing()?;

    tracing::info!("Starting MCP OAuth server with Cognito and microkernel architecture...");

    // Resolve every required Cognito setting up front; each `?` aborts startup
    // instead of letting the server run with partial OAuth configuration.
    let provider_config = get_cognito_oauth_provider_config()?;
    let domain = get_cognito_domain()?;
    let region = get_cognito_region()?;
    let user_pool_id = get_cognito_user_pool_id()?;
    let oauth_provider =
        CognitoOAuthProvider::new_cognito(provider_config, domain, region, user_pool_id);

    // Print the startup banner (the client secret value itself is not printed).
    log_startup_info();

    // Compose all handlers around the provider.
    let server = create_full_cognito_microkernel(oauth_provider);

    // Bind and serve until the server returns.
    let listen_addr = get_bind_socket_addr()?;
    server.serve(listen_addr).await?;

    Ok(())
}
43
/// Installs the global tracing subscriber: an env-driven filter plus the
/// default formatting layer.
///
/// The filter is read from the default environment variable (`RUST_LOG`);
/// when that is absent or invalid, the level from `get_logging_level()` is
/// used instead.
///
/// # Panics
/// `init()` panics if a global default subscriber has already been set.
///
/// # Errors
/// The visible body always returns `Ok(())`.
fn init_tracing() -> AppResult<()> {
    let registry = tracing_subscriber::registry();

    // NOTE(review): at debug/trace levels, HTTP and OAuth dependencies may log
    // request details; confirm no token material is emitted before enabling
    // verbose levels in production.
    let level_filter: tracing_subscriber::EnvFilter =
        match tracing_subscriber::EnvFilter::try_from_default_env() {
            Ok(from_env) => from_env,
            Err(_) => get_logging_level().as_str().into(),
        };
    let fmt_layer = tracing_subscriber::fmt::layer();

    registry.with(level_filter).with(fmt_layer).init();

    Ok(())
}
55
/// Prints the startup banner to stdout: effective configuration, the composed
/// handlers, the environment variables the server reads, and the OAuth 2.0
/// endpoint URLs built from the configured Cognito domain.
///
/// The client secret value is never printed; only whether a non-empty secret
/// is present. The Cognito domain, region and user pool ID are printed in
/// full, so they end up wherever stdout is captured.
fn log_startup_info() {
    use remote_mcp_kernel::config::{
        get_cognito_client_id, get_cognito_client_secret, get_cognito_domain, get_cognito_region,
        get_cognito_scope, get_cognito_user_pool_id, get_server_host, get_server_port,
        get_server_version,
    };

    const CONFIGURED: &str = "Configured";
    const NOT_CONFIGURED: &str = "Not configured";

    for line in [
        "🚀 Starting MCP OAuth server with Cognito and microkernel architecture...",
        "📋 Configuration:",
        "  - Architecture: Microkernel (independent handlers)",
        "  - OAuth Provider: AWS Cognito",
    ] {
        println!("{}", line);
    }

    // NOTE(review): the port shown here falls back to 8080, while the listener
    // address in `main` comes from `get_bind_socket_addr()`; verify both use
    // the same default so the banner cannot misreport the bound port.
    let host = get_server_host();
    let port = get_server_port().unwrap_or(8080);
    println!("  - Server: {}:{}", host, port);

    let version = get_server_version();
    println!("  - Version: {}", version);

    // Credentials are reported by presence only.
    let client_id_status = match get_cognito_client_id() {
        Ok(_) => CONFIGURED,
        Err(_) => NOT_CONFIGURED,
    };
    println!("  - Cognito Client ID: {}", client_id_status);

    // An absent or empty secret is reported as a public client.
    let has_secret = matches!(
        get_cognito_client_secret(),
        Some(ref secret) if !secret.is_empty()
    );
    let client_secret_status = if has_secret {
        CONFIGURED
    } else {
        "Not configured (Public Client)"
    };
    println!("  - Cognito Client Secret: {}", client_secret_status);

    let domain_shown = get_cognito_domain().unwrap_or_else(|_| NOT_CONFIGURED.to_owned());
    println!("  - Cognito Domain: {}", domain_shown);

    let region_shown = get_cognito_region().unwrap_or_else(|_| NOT_CONFIGURED.to_owned());
    println!("  - Cognito Region: {}", region_shown);

    let pool_shown = get_cognito_user_pool_id().unwrap_or_else(|_| NOT_CONFIGURED.to_owned());
    println!("  - Cognito User Pool ID: {}", pool_shown);

    let scopes = get_cognito_scope();
    println!("  - Cognito Scopes: {}", scopes);

    // Static help text; an empty entry prints a blank separator line.
    for line in [
        "🔧 Handlers:",
        "  - OAuth Provider (Cognito authentication & authorization)",
        "  - Streamable HTTP Handler (MCP over HTTP)",
        "  - SSE Handler (MCP over SSE)",
        "",
        "🔐 Required Environment Variables:",
        "  - COGNITO_CLIENT_ID: Your Cognito app client ID",
        "  - COGNITO_CLIENT_SECRET: Your Cognito app client secret (optional for public clients)",
        "  - COGNITO_DOMAIN: Your Cognito domain (e.g., mydomain.auth.us-east-1.amazoncognito.com)",
        "  - AWS_REGION: AWS region (e.g., us-east-1)",
        "  - COGNITO_USER_POOL_ID: Your Cognito user pool ID (e.g., us-east-1_XXXXXXXXX)",
        "  - COGNITO_SCOPE: OAuth scopes (default: 'openid email profile phone')",
        "  - MCP_HOST: Server host (default: localhost)",
        "  - MCP_PORT: Server port (default: 8080)",
        "",
        "🌐 OAuth 2.0 Endpoints:",
    ] {
        println!("{}", line);
    }

    // NOTE(review): when the domain lookup fails, the placeholder is spliced
    // into the URLs below ("https://Not configured/..."), which is not a usable
    // endpoint.
    let hosted_domain = get_cognito_domain().unwrap_or_else(|_| NOT_CONFIGURED.to_owned());
    println!(
        "  - Authorization: https://{}/oauth2/authorize",
        hosted_domain
    );
    println!("  - Token: https://{}/oauth2/token", hosted_domain);
    // NOTE(review): Cognito documents a user pool's signing keys at
    // https://cognito-idp.<region>.amazonaws.com/<user-pool-id>/.well-known/jwks.json;
    // confirm which URL the provider actually uses for token verification, since
    // an operator copying this line may point a verifier at the wrong key set.
    println!("  - JWKS: https://{}/oauth2/jwks", hosted_domain);
    println!("  - UserInfo: https://{}/oauth2/userInfo", hosted_domain);
    println!();
}