Modules
Purpose-scoped OAuth artifacts, each a macaroon (OAuthMCPBridge.Macaroon) —
fully stateless, so nothing is lost across scale-to-zero restarts and there is
no database or volume.
The public base URL for a request — shared by OAuth (OAuth endpoints,
issuer) and LandingPlug (the MCP connection URL shown on the landing page).
Bearer-token enforcement for the MCP endpoint. Which paths need the guard is
app-specific route knowledge, so this only provides the check itself — call
require_bearer/1 from your own router on whichever paths you gate
A minimal, static, unauthenticated landing page — not the MCP endpoint itself. Dependency-free: no template engine, no JS, just an inlined stylesheet.
A minimal, self-owned macaroon — first-party caveats only (no third-party discharge). We own this rather than pull a stale hex dep because it is the security-critical token primitive.
An OAuth 2.1 authorization server that bridges MCP clients to GitHub login.
Parses the GitHub-login allowlist config format into the map
OAuthMCPBridge.OAuth.check_whitelist/2 expects, ready to
:persistent_term.put({:oauth_mcp_bridge, :auth}, ...).