claude.ai uses the full OAuth Authorization Code flow, not client_credentials.
Flow: GET /authorize → auto-approve → redirect with code → POST /token
with code + code_verifier (PKCE S256).
Also fixes OAuth metadata URLs to use correct external scheme/host/prefix
via X-Forwarded-Proto, Host, and X-Forwarded-Prefix headers.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Self-hosted MCP servers with OAuth client_credentials auth.
Each server connects to a different backend:
- Mail: reads Maildir IMAP backups
- Calendar/Tasks: CalDAV against Radicale
- Contacts: CardDAV against Radicale
- Files: WebDAV against oCIS
- Notes: Joplin REST API
Credentials externalized to config.json (not in repo).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Stefan Lohmaier