Bumps [authlib](https://github.com/authlib/authlib) from 1.3.0 to 1.6.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/authlib/authlib/releases">authlib's releases</a>.</em></p> <blockquote> <h2>v1.6.5</h2> <h2>What's Changed</h2> <ul> <li>Add a <code>request</code> param to RFC7591 <code>generate_client_info</code> and <code>generate_client_secret</code> methods by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/825">authlib/authlib#825</a></li> <li>feat: support list params in prepare_grant_uri by <a href="https://github.com/lisongmin"><code>@lisongmin</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/827">authlib/authlib#827</a></li> <li>chore(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/authlib/authlib/pull/828">authlib/authlib#828</a></li> <li>fix(jose): add max size for JWE zip=DEF decompression by <a href="https://github.com/lepture"><code>@lepture</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/830">authlib/authlib#830</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/lisongmin"><code>@lisongmin</code></a> made their first contribution in <a href="https://redirect.github.com/authlib/authlib/pull/827">authlib/authlib#827</a></li> <li><a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] made their first contribution in <a href="https://redirect.github.com/authlib/authlib/pull/828">authlib/authlib#828</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/authlib/authlib/compare/v1.6.4...v1.6.5">https://github.com/authlib/authlib/compare/v1.6.4...v1.6.5</a></p> <h2>v1.6.4</h2> <h2>What's Changed</h2> <ul> <li>fix(jose): prevent public/unprotected header overwriting protected header by <a href="https://github.com/lepture"><code>@lepture</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/809">authlib/authlib#809</a></li> <li>Fix <code>InsecureTransportError</code> raising by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/810">authlib/authlib#810</a></li> <li>Add conventional-commits pre-commit hook by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/811">authlib/authlib#811</a></li> <li>Fix response_mode=form_post with Starlette client by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/812">authlib/authlib#812</a></li> <li>Specify README.md as project long description by <a href="https://github.com/EpicWink"><code>@EpicWink</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/817">authlib/authlib#817</a></li> <li>Migrate tests to pytest paradigm by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/813">authlib/authlib#813</a></li> <li>jose/jws: Reject unprotected ‘crit’ and enforce type; add tests by <a href="https://github.com/AL-Cybision"><code>@AL-Cybision</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/823">authlib/authlib#823</a></li> <li>Use explicit *.test urls in unit tests by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/824">authlib/authlib#824</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/EpicWink"><code>@EpicWink</code></a> made their first contribution in <a href="https://redirect.github.com/authlib/authlib/pull/817">authlib/authlib#817</a></li> <li><a href="https://github.com/AL-Cybision"><code>@AL-Cybision</code></a> made their first contribution in <a href="https://redirect.github.com/authlib/authlib/pull/823">authlib/authlib#823</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/authlib/authlib/compare/v1.6.3...v1.6.4">https://github.com/authlib/authlib/compare/v1.6.3...v1.6.4</a></p> <h2>Version 1.6.3</h2> <h2>What's Changed</h2> <ul> <li>Add diff-cover check in GHA by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/803">authlib/authlib#803</a></li> <li>Run GHA unit tests with uv by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/805">authlib/authlib#805</a></li> <li>Move from pre-commit to prek by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/804">authlib/authlib#804</a></li> <li>Sign OIDC id_token according to <code>id_token_signed_response_alg</code> client metadata by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/802">authlib/authlib#802</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/authlib/authlib/compare/v1.6.2...v1.6.3">https://github.com/authlib/authlib/compare/v1.6.2...v1.6.3</a></p> <h2>Version 1.6.2</h2> <h2>What's Changed</h2> <ul> <li>Allow insecure transport for 127.0.0.1 for debugging by <a href="https://github.com/geigerzaehler"><code>@geigerzaehler</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/788">authlib/authlib#788</a></li> <li>Raise a MissingCodeError when code parameter is missing by <a href="https://github.com/lepture"><code>@lepture</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/786">authlib/authlib#786</a></li> <li>Temporarily restore OAuth2Request body parameter by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/791">authlib/authlib#791</a></li> <li>Raise MissingCodeException when code parameter is missing by <a href="https://github.com/lepture"><code>@lepture</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/794">authlib/authlib#794</a></li> <li>Fix id_token generation with EdDSA alg by <a href="https://github.com/azmeuk"><code>@azmeuk</code></a> in <a href="https://redirect.github.com/authlib/authlib/pull/800">authlib/authlib#800</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/authlib/authlib/compare/v1.6.1...v1.6.2">https://github.com/authlib/authlib/compare/v1.6.1...v1.6.2</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/authlib/authlib/blob/main/docs/changelog.rst">authlib's changelog</a>.</em></p> <blockquote> <h2>Version 1.6.5</h2> <p><strong>Released on Oct 2, 2025</strong></p> <ul> <li>RFC7591 <code>generate_client_info</code> and <code>generate_client_secret</code> take a <code>request</code> parameter.</li> <li>Add size limitation when decode JWS/JWE to prevent DoS.</li> <li>Add size limitation for <code>DEF</code> JWE zip algorithm.</li> </ul> <h2>Version 1.6.4</h2> <p><strong>Released on Sep 17, 2025</strong></p> <ul> <li>Fix <code>InsecureTransportError</code> error raising. :issue:<code>795</code></li> <li>Fix <code>response_mode=form_post</code> with Starlette client. :issue:<code>793</code></li> <li>Validate <code>crit</code> header value, reject unprotected header in <code>crit</code> header.</li> </ul> <h2>Version 1.6.3</h2> <p><strong>Released on Aug 26, 2025</strong></p> <ul> <li>OIDC <code>id_token</code> are signed according to <code>id_token_signed_response_alg</code> client metadata. :issue:<code>755</code></li> </ul> <h2>Version 1.6.2</h2> <p><strong>Released on Aug 23, 2025</strong></p> <ul> <li>Temporarily restore <code>OAuth2Request</code> <code>body</code> parameter. :issue:<code>781</code> :pr:<code>791</code></li> <li>Allow <code>127.0.0.1</code> in insecure transport mode. :pr:<code>788</code></li> <li>Raise <code>MissingCodeException</code> when the <code>code</code> parameter is missing. :issue:<code>793</code> :pr:<code>794</code></li> <li>Fix <code>id_token</code> generation with <code>EdDSA</code> algs. :issue:<code>799</code> :pr:<code>800</code></li> </ul> <h2>Version 1.6.1</h2> <p><strong>Released on Jul 20, 2025</strong></p> <ul> <li>Filter key set with additional "alg" and "use" parameters.</li> <li>Restore and deprecate <code>OAuth2Request</code> <code>body</code> parameter. :issue:<code>781</code></li> </ul> <h2>Version 1.6.0</h2> <p><strong>Released on May 22, 2025</strong></p> <ul> <li>Fix issue when :rfc:<code>RFC9207 <9207></code> is enabled and the authorization endpoint response is not a redirection. :pr:<code>733</code></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|---|---|---|
| .cursor/rules | ||
| .github | ||
| .vscode | ||
| contrib | ||
| examples | ||
| libs | ||
| schemas/preview | ||
| toolkits | ||
| .editorconfig | ||
| .gitignore | ||
| .pre-commit-config.yaml | ||
| .prettierignore | ||
| .prettierrc.toml | ||
| .ruff.toml | ||
| CONTRIBUTING.md | ||
| cspell.config.yaml | ||
| LICENSE | ||
| Makefile | ||
| pyproject.toml | ||
| README.md | ||
| SECURITY.md | ||
| uv_setup.sh | ||
Arcade MCP Server Framework
-
To see example servers built with Arcade MCP Server Framework (this repo), check out our examples
-
To learn more about the Arcade MCP Server Framework (this repo), check out our Arcade MCP documentation
-
To learn more about other offerings from Arcade.dev, check out our documentation.
Pst. hey, you, give us a star if you like it!
Quick Start: Create a New Server
The fastest way to get started is with the arcade new CLI command, which creates a complete MCP server project:
# Install the CLI
uv tool install arcade-mcp
# Create a new server project
arcade new my_server
# Navigate to the project
cd my_server/src/my_server
This generates a project with:
-
server.py - Main server file with MCPApp and example tools
-
pyproject.toml - Dependencies and project configuration
-
.env.example - Example
.envfile containing a secret required by one of the generated tools inserver.py
The generated server.py includes proper command-line argument handling and three example tools:
#!/usr/bin/env python3
"""simple_server MCP server"""
import sys
from typing import Annotated
import httpx
from arcade_mcp_server import Context, MCPApp
from arcade_mcp_server.auth import Reddit
app = MCPApp(name="simple_server", version="1.0.0", log_level="DEBUG")
@app.tool
def greet(name: Annotated[str, "The name of the person to greet"]) -> str:
"""Greet a person by name."""
return f"Hello, {name}!"
# To use this tool locally, you need to either set the secret in the .env file or as an environment variable
@app.tool(requires_secrets=["MY_SECRET_KEY"])
def whisper_secret(context: Context) -> Annotated[str, "The last 4 characters of the secret"]:
"""Reveal the last 4 characters of a secret"""
# Secrets are injected into the context at runtime.
# LLMs and MCP clients cannot see or access your secrets
# You can define secrets in a .env file.
try:
secret = context.get_secret("MY_SECRET_KEY")
except Exception as e:
return str(e)
return "The last 4 characters of the secret are: " + secret[-4:]
# To use this tool locally, you need to install the Arcade CLI (uv tool install arcade-mcp)
# and then run 'arcade login' to authenticate.
@app.tool(requires_auth=Reddit(scopes=["read"]))
async def get_posts_in_subreddit(
context: Context, subreddit: Annotated[str, "The name of the subreddit"]
) -> dict:
"""Get posts from a specific subreddit"""
# Normalize the subreddit name
subreddit = subreddit.lower().replace("r/", "").replace(" ", "")
# Prepare the httpx request
# OAuth token is injected into the context at runtime.
# LLMs and MCP clients cannot see or access your OAuth tokens.
oauth_token = context.get_auth_token_or_empty()
headers = {
"Authorization": f"Bearer {oauth_token}",
"User-Agent": "{{ toolkit_name }}-mcp-server",
}
params = {"limit": 5}
url = f"https://oauth.reddit.com/r/{subreddit}/hot"
# Make the request
async with httpx.AsyncClient() as client:
response = await client.get(url, headers=headers, params=params)
response.raise_for_status()
# Return the response
return response.json()
# Run with specific transport
if __name__ == "__main__":
# Get transport from command line argument, default to "stdio"
# - "stdio" (default): Standard I/O for Claude Desktop, CLI tools, etc.
# Supports tools that require_auth or require_secrets out-of-the-box
# - "http": HTTPS streaming for Cursor, VS Code, etc.
# Does not support tools that require_auth or require_secrets unless the server is deployed
# using 'arcade deploy' or added in the Arcade Developer Dashboard with 'Arcade' server type
transport = sys.argv[1] if len(sys.argv) > 1 else "stdio"
# Run the server
app.run(transport=transport, host="127.0.0.1", port=8000)
This approach gives you:
-
Complete Project Setup - Everything you need in one command
-
Best Practices - Proper dependency management with pyproject.toml
-
Example Code - Learn from working examples of common patterns
-
Production Ready - Structured for growth and deployment
Running Your Server
Run your server directly with Python:
# Run with stdio transport (default)
uv run server.py
# Run with http transport via command line argument
uv run server.py http
# Or use python directly
python server.py http
python server.py stdio
Your server will start and listen for connections. With HTTP transport, you can access the API docs at http://127.0.0.1:8000/docs.
Configure MCP Clients
Once your server is running, connect it to your favorite AI assistant:
arcade configure claude # Configure Claude Desktop to connect to your stdio server in your current directory
arcade configure cursor --transport http --port 8080 # Configure Cursor to connect to your local HTTP server on port 8080
arcade configure vscode --entrypoint my_server.py # Configure VSCode to connect to your stdio server that will run when my_server.py is executed directly
Installing this Repo from Source
git clone https://github.com/ArcadeAI/arcade-mcp.git && cd arcade-mcp && make install
Support and Community
- Discord: Join our Discord community for real-time support and discussions.
- GitHub: Contribute or report issues on the Arcade GitHub repository.
- Documentation: Find in-depth guides and API references at Arcade Documentation.