24 Jan 2026 // 5 MIN READ

# Building an OAuth-ready MCP Server: A Meta Journey

There's something wonderfully recursive about writing a blog post using the very tools you're writing about. That's exactly what's happening here: this post was generated using the Inkie MCP Server we just built. It's a small moment of celebration, and it feels right to share the journey.

## Why We Built an MCP Server

At Inkie, we're always looking for ways to make our platform more accessible and powerful. When Claude Desktop introduced support for Model Context Protocol (MCP) servers, we saw an opportunity to enable seamless integration between Claude and Inkie's tools.

The goal was simple: allow Claude to securely access Inkie's functionality through a standards-compliant OAuth 2.1 implementation. This would mean users could authenticate once and have Claude interact with their Inkie account naturally, within their desktop workflow.

## The Challenge: When Standards Meet Reality

Building OAuth flows sounds straightforward on paper. The OAuth 2.1 specification is well-documented, and there are countless libraries and examples to follow. But reality has a way of introducing complications.

Our particular challenge came from Supabase's API Gateway. Supabase requires an 'apikey' header for all API requests. It's a security measure that makes sense in their ecosystem, but it created a problem for us. Standard OAuth clients, including Claude's mcp-remote implementation, don't send custom headers like this during the OAuth flow.

We were stuck between two requirements: follow OAuth standards (which Claude expects) and satisfy Supabase's authentication requirements (which our backend needs).

## The Solution: An OpenID Discovery Proxy

The answer came from thinking about what OAuth clients actually do during setup. They fetch an OpenID Discovery document, a standardised JSON file that tells them where to find authorisation and token endpoints.
What if we could provide our own discovery document that pointed to proxy endpoints under our control? That's exactly what we built. Here's how it works:

### Step 1: Custom Discovery Document

We created an OpenID Discovery Proxy on the Inkie App. When Claude (or any OAuth client) requests our discovery document, they receive URLs pointing to our proxy endpoints, not directly to Supabase.

### Step 2: Proxy Endpoints

We implemented two key proxy endpoints on the Inkie App:

- `/authorize` - handles the authorisation flow
- `/token` - handles token exchange

These endpoints do something clever: they inject the required 'apikey' header before forwarding requests to Supabase's actual OAuth endpoints.

### Step 3: Seamless Integration

From Claude's perspective, everything looks like standard OAuth. From Supabase's perspective, all requests include the required authentication header. Everyone's happy.

## What This Means for Inkie Users

This infrastructure unlocks some exciting possibilities. With the MCP Server in place, Claude Desktop can now:

- Access Inkie's content planning tools
- Generate marketing content through authenticated API calls
- Interact with your Inkie account securely
- Maintain context across conversations

All of this happens with proper OAuth security, no manual API key copying, and a smooth user experience.

## The Meta Moment

Which brings us full circle. This blog post exists because the infrastructure works. We connected Claude Desktop to Inkie using the MCP Server, and used Inkie's own blog generation tools to create this content.

It's a small milestone, but it represents something larger: the ability to bridge different AI tools and platforms in a secure, standardised way. As AI assistants become more capable, these kinds of integrations will become increasingly important.

## Technical Challenges and Learnings

Building this wasn't without its frustrations. OAuth flows are notoriously fiddly to debug.
When something goes wrong, error messages can be cryptic, and the back-and-forth between multiple endpoints makes tracing issues challenging.

A few things we learned along the way:

**Testing is crucial.** We built extensive test cases for each step of the OAuth flow. When you're proxying requests between systems, you need confidence that each layer is doing exactly what you expect.

**Standards are your friend.** By sticking closely to OAuth 2.1 and OpenID Discovery specifications, we ensured compatibility with standard clients. The temptation to take shortcuts is real, but standards exist for good reasons.

**Proxy patterns are powerful.** The ability to sit between a client and a service, adding or modifying requests transparently, is a pattern that solves countless integration challenges.

## What's Next

Now that the foundation is in place, we're excited to expand what's possible with the Inkie MCP Server. We're looking at:

- Adding more tools and capabilities
- Improving error handling and user feedback
- Exploring integrations with other MCP-compatible platforms
- Building automation workflows that span multiple AI tools

The Model Context Protocol is still relatively new, and we're watching the ecosystem develop with interest. There's huge potential for AI tools to work together in more sophisticated ways.

## A Celebration of Problem-Solving

At its heart, this project represents what we love about building software: identifying a problem, understanding the constraints, and crafting a solution that works within those constraints elegantly.

The fact that we hit a roadblock with Supabase's requirements didn't stop us. It just meant we needed to think creatively about how to satisfy multiple requirements simultaneously.

That's the kind of problem-solving that makes technology exciting. Not the polished end result, but the messy middle where you're figuring out how to make incompatible things work together.

## Try It Yourself

If you're building with MCP servers or exploring Claude Desktop integrations, we hope our journey provides some useful insights. OAuth can feel daunting, but breaking it down into manageable pieces makes it approachable.

And if you're an Inkie user curious about trying the MCP Server integration, watch this space. We'll be sharing more details about how to set it up and what you can do with it.

For now, we're celebrating this meta moment: a blog post about building tools, created using those very tools. It's recursive, it's slightly absurd, and it's deeply satisfying.

Here's to building things that work, solving problems creatively, and celebrating the small victories along the way.
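
The discovery proxy from Steps 1 to 3 above, sketched as an added example (not Inkie's code): the discovery document is rewritten to point at the proxy, and each proxied request gets the 'apikey' header set server-side while the upstream target stays fixed in configuration. The origins, upstream paths, key value and header allowlist are constructed assumptions.

```javascript
// Added example with constructed values; not Inkie's implementation.
const CONFIG = {
  proxyBase: "https://app.example", // hypothetical proxy origin
  upstream: new Map([               // fixed upstream targets (placeholder URLs)
    ["/authorize", "https://upstream.example/oauth/authorize"],
    ["/token", "https://upstream.example/oauth/token"],
  ]),
  apiKey: "constructed-gateway-key", // held server-side, never sent to the client
};

// Assumed allowlist of client headers that may pass upstream.
const FORWARDED_HEADERS = ["accept", "content-type"];

// Step 1: serve a discovery document whose endpoints point at the proxy.
function buildDiscoveryDocument(upstreamDoc, cfg) {
  return {
    ...upstreamDoc, // other metadata passes through unchanged
    authorization_endpoint: cfg.proxyBase + "/authorize",
    token_endpoint: cfg.proxyBase + "/token",
  };
}

// Step 2: turn an incoming proxy request into the upstream request.
// Returns null for any path that is not one of the two proxied routes.
function buildUpstreamRequest(req, cfg) {
  const incoming = new URL(req.url, cfg.proxyBase);
  const target = cfg.upstream.get(incoming.pathname);
  if (!target) return null;

  // Only the query string is taken from the client; the host and path
  // come from configuration, so a request cannot steer the key elsewhere.
  const url = new URL(target);
  url.search = incoming.search;

  const headers = {};
  for (const [name, value] of Object.entries(req.headers || {})) {
    const lower = name.toLowerCase();
    if (FORWARDED_HEADERS.includes(lower)) headers[lower] = value;
  }
  headers.apikey = cfg.apiKey; // replaces anything the client sent under this name

  return { method: req.method, url: url.toString(), headers, body: req.body };
}
```

The returned object is what a route handler would hand to its HTTP client; relaying the upstream response back to the caller is left out here.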
ABOUT THE AUTHOR
Simon Dixon
Technologist, CTO at Inkie, and Vibe Builder.