Skip to content

[VAP-11408] Add OAuth-on-first-use to public MCP server (client) #10

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
vapi-tasker wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[VAP-11408] Add OAuth-on-first-use to public MCP server (client) #10

vapi-tasker wants to merge 1 commit into from

Conversation

@vapi-tasker
Copy link

@vapi-tasker vapi-tasker bot commented Jan 23, 2026

Describe your changes

This PR makes VAPI_TOKEN optional in the public MCP server and implements OAuth-on-first-use for frictionless setup.

Key Changes:

  • Make VAPI_TOKEN optional in server startup
  • Add OAuth flow handler that triggers on first tool call
  • Store credentials in ~/.vapi/mcp-config.json
  • Update all tool handlers to use lazy client initialization
  • Bump version to 0.2.0

User Experience Flow:

  1. User pastes MCP config (NO API KEY needed)
  2. User restarts Claude Desktop
  3. User asks: "Build me a Vapi voice agent"
  4. OAuth URL appears in error message
  5. User clicks URL → completes OAuth in browser
  6. Account auto-created (via backend PR)
  7. Credentials saved locally
  8. Original request retried → works!

Relevant Context (linear ticket, slack link, etc)

How did you test this?

Testing Strategy:

  1. Code Review: Validated OAuth flow logic and lazy client initialization
  2. Type Safety: Ensured TypeScript compilation succeeds
  3. Integration Testing: Pending - requires backend deployment

Manual Testing Plan (to be completed after backend deployment):

  • Install MCP server without VAPI_TOKEN
  • Trigger tool call → verify OAuth URL appears
  • Complete OAuth flow
  • Verify credentials saved to ~/.vapi/mcp-config.json
  • Retry tool call → verify it succeeds
  • Restart Claude Desktop → verify credentials persist

Configuration Example:

{
  "mcpServers": {
    "vapi-mcp-server": {
      "command": "npx",
      "args": ["-y", "@vapi-ai/mcp-server"]
      // NO VAPI_TOKEN NEEDED!
    }
  }
}

Note: This PR is Part 2 of 2. Part 1 (backend OAuth infrastructure) is in VapiAI/vapi repository.

@claude
feat: add OAuth-on-first-use to public MCP server
209386f 
Make VAPI_TOKEN optional and add OAuth flow for frictionless setup.

Changes:
- Make VAPI_TOKEN optional in server startup
- Add OAuth flow handler with automatic account creation
- Add token storage to ~/.vapi/mcp-config.json
- Wrap all tool handlers to trigger OAuth on first use
- Update version to 0.2.0

Users can now paste MCP config without API key, and OAuth will
trigger automatically on first tool call.

Related: VAP-11408

Co-Authored-By: Claude <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant