feat: add FastMCP OAuth proxy support for Cloud Run deployment#160
Open
FutureProve wants to merge 3 commits into
Open
feat: add FastMCP OAuth proxy support for Cloud Run deployment#160FutureProve wants to merge 3 commits into
FutureProve wants to merge 3 commits into
Conversation
Replace ADK/lowlevel MCP server setup with FastMCP and register tools via `Tool.from_function`. Add optional Google OAuth authentication using `GoogleProvider` driven by `ANALYTICS_MCP_OAUTH_CLIENT_ID/SECRET` and `ANALYTICS_MCP_BASE_URL`, removing the prior schema sanitization and ADK workaround code.feat(server): migrate coordinator to FastMCP w/ optional OAuth Replace ADK/lowlevel MCP server setup with FastMCP and register tools via `Tool.from_function`. Add optional Google OAuth authentication using `GoogleProvider` driven by `ANALYTICS_MCP_OAUTH_CLIENT_ID/SECRET` and `ANALYTICS_MCP_BASE_URL`, removing the prior schema sanitization and ADK workaround code.
Document local vs remote deployment modes and add a step-by-step Cloud Run setup, including OAuth client creation, required env vars, and claude.ai integration instructions so web-based MCP clients can connect without sharing credentials.docs(readme): add Cloud Run + OAuth remote deployment guide Document local vs remote deployment modes and add a step-by-step Cloud Run setup, including OAuth client creation, required env vars, and claude.ai integration instructions so web-based MCP clients can connect without sharing credentials.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
mcp.server.Server+ ADKFunctionTool/adk_to_mcp_tool_typemachinery in
coordinator.pywithFastMCPandTool.from_function().GoogleProviderOAuth 2.0 auth: whenANALYTICS_MCP_OAUTH_CLIENT_IDandANALYTICS_MCP_OAUTH_CLIENT_SECRETare set, the server starts in
streamable-httpmode with a full OAuthauthorization code flow. Without them it behaves exactly as before
(stdio, Application Default Credentials).
tools/client.pycredential resolution that checks FastMCP'sper-request OAuth token first, then falls back to ADC — so each user's
request in HTTP mode uses their own credentials.
Dockerfile(Python 3.11-slim + uv) for building aCloud Run image.
Motivation
Enables the server to be deployed as a persistent remote MCP endpoint
(e.g. on Google Cloud Run) and accessed from web-based clients such as
claude.ai, following the same pattern as
google-ads-mcp.
Backward compatibility
No breaking changes. The stdio mode and existing client configurations
(Gemini CLI, Claude Desktop) are unaffected. The new behaviour only
activates when the two OAuth env vars are present.
Test plan
python -m pytest tests/passesanalytics-mcpstarts in stdio mode without OAuth env vars set/mcpwhen OAuth env varsare set
property from claude.ai