Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mcpjam-mintlify-docs-update-pr-1941-1777246605643.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

The oauth command group handles authentication against MCP servers that require OAuth. Use oauth login to obtain tokens interactively, and the proxy/metadata commands to debug discovery and endpoint behavior.

Quick start

# Interactive login — opens a browser for consent
mcpjam oauth login --url https://your-server.com/mcp \
  --protocol-version 2025-11-25 \
  --registration dcr
On success, the command prints credentials (access token, refresh token, client ID) that you can pass to other commands via --oauth-access-token or --access-token.

Commands

oauth login

Runs a full OAuth flow: discovery, registration, authorization, token exchange. Supports all three registration strategies and auth modes. 
# DCR + interactive (most common for local dev)
mcpjam oauth login --url https://your-server.com/mcp \
  --protocol-version 2025-11-25 \
  --registration dcr

# CIMD + interactive (2025-11-25 only)
mcpjam oauth login --url https://your-server.com/mcp \
  --protocol-version 2025-11-25 \
  --registration cimd

# Preregistered + client_credentials (M2M, no browser)
mcpjam oauth login --url https://your-server.com/mcp \
  --protocol-version 2025-11-25 \
  --registration preregistered \
  --auth-mode client_credentials \
  --client-id "$CLIENT_ID" \
  --client-secret "$CLIENT_SECRET"
Prefer environment variables for --client-secret. Passing it inline leaks to shell history and process listings.
The --debug-out <path> flag captures a structured debug artifact with full HTTP traces — useful for filing bug reports or handing off to another engineer. 
mcpjam oauth login --url https://your-server.com/mcp \
  --protocol-version 2025-11-25 \
  --registration dcr \
  --debug-out oauth-debug.json

oauth metadata

Fetch and display OAuth metadata from a URL. Useful for verifying your server’s discovery endpoints are correct. 
mcpjam oauth metadata --url https://your-server.com/.well-known/oauth-protected-resource
mcpjam oauth metadata --url https://auth.example.com/.well-known/oauth-authorization-server

oauth proxy

Send an arbitrary HTTP request through the OAuth proxy with hosted-mode safety checks. Useful for testing individual OAuth endpoints (registration, token, etc.) without building raw HTTP requests. 
# Test a DCR registration
mcpjam oauth proxy \
  --url https://auth.example.com/register \
  --method POST \
  --header "Content-Type: application/json" \
  --body '{"redirect_uris":["http://localhost:8080/callback"],"client_name":"test"}'

# Fetch an endpoint
mcpjam oauth proxy --url https://auth.example.com/v1/oauth2/token --method GET

oauth debug-proxy

Same as oauth proxy but routes through the debug proxy path. Use when testing endpoints that behave differently for debug vs. production requests.

Login flags

FlagRequiredDefaultDescription
--url <url>YesMCP server URL
--protocol-version <v>Yes2025-03-26, 2025-06-18, or 2025-11-25
--registration <s>Yescimd, dcr, or preregistered
--auth-mode <m>Nointeractiveheadless, interactive, or client_credentials
--client-id <id>NoOAuth client ID (required for preregistered)
--client-secret <s>NoOAuth client secret
--client-metadata-url <url>NoCIMD metadata document URL
--redirect-url <url>NoAuto-generatedOAuth redirect URL
--scopes <scopes>NoSpace-separated scope string
--header <header>NoHTTP header Key: Value (repeatable)
--step-timeout <ms>No30000Per-step timeout
--verify-toolsNoAfter login, connect and list tools
--verify-call-tool <name>NoAfter listing, also call a named tool
--debug-out <path>NoWrite debug artifact to file
For interactive login, a custom --redirect-url must still be an http://localhost or http://127.0.0.1 loopback URL. Custom callback paths are supported.

Using tokens from login

After a successful oauth login, use the printed access token with other commands: 
# Capture the token
TOKEN=$(mcpjam oauth login --url https://your-server.com/mcp \
  --protocol-version 2025-11-25 --registration dcr \
  --format json | jq -r '.credentials.accessToken')

# Use it
mcpjam server doctor --url https://your-server.com/mcp --oauth-access-token "$TOKEN"
mcpjam tools list --url https://your-server.com/mcp --access-token "$TOKEN"