🚀 What's New
OAuth Persistent Storage Backend (#360)
Production-ready persistent OAuth storage with SQLite backend:
Features:
- 🔄 Pluggable Backend Architecture: Memory (dev) + SQLite (production)
- 🔒 Multi-Worker Safe: WAL mode for concurrent access
- ⚡ High Performance: <10ms token operations
- 🛡️ Security: Atomic one-time authorization code consumption prevents replay attacks
- 📦 Easy Configuration:
MCP_OAUTH_STORAGE_BACKEND=sqlite
Configuration:
export MCP_OAUTH_STORAGE_BACKEND=sqlite
export MCP_OAUTH_SQLITE_PATH=./data/oauth.dbuvx Compatibility Fixes (#361)
Fixed HTTP endpoint test failures in uvx environment:
- ✅ Lazy
asyncio.Lock()initialization - ✅ All 16 HTTP endpoint tests now pass
- ✅ No impact on existing functionality
📊 Testing
- 30 new OAuth storage tests (parametrized across backends)
- 29/30 passing in uvx environment
- Security tests: Replay attack prevention verified
- Performance tests: <10ms target confirmed
📚 Documentation
- New guide:
docs/oauth-storage-backends.md - Updated:
CHANGELOG.md,CLAUDE.md,README.md - Configuration examples in
.env.example
🔧 Technical Details
5 commits:
- Initial implementation (Issues #360 & #361)
- Added aiosqlite dependency
- Fixed package structure (removed conflicting file)
- Corrected import path
- Lazy initialization for global instance
Backward Compatible: Defaults to memory backend, no breaking changes.
See CHANGELOG.md for complete details.