FAC

Appearance

OAuth Quick Start Guide โ€‹

๐Ÿš€ Get Started in 2 Minutes โ€‹

Step 1: Open Settings โ€‹

  1. Go to your Frappe site
  2. Search for "Assistant Core Settings"
  3. Click the OAuth tab

Step 2: Enable OAuth โ€‹

Check the box: โœ… Enable Dynamic Client Registration

Step 3: Configure Client Access โ€‹

For MCP Inspector (testing): In "Allowed Public Client Origins", add:

http://localhost:6274

For Claude Desktop: Leave "Allowed Public Client Origins" blank (Claude Desktop doesn't need it)

For your web app: Add your app's URL:

https://your-app.com

Step 4: Save โ€‹

Click Save button

โœ… That's It! โ€‹

Your OAuth is now configured. MCP clients can auto-register and connect.

๐Ÿงช Test with MCP Inspector โ€‹

  1. Open http://localhost:6274/
  2. Select "Streamable HTTP"
  3. Enter your MCP endpoint URL:
    https://your-frappe-site.com/api/method/frappe_assistant_core.api.fac_endpoint.handle_mcp
  4. Click "Open Auth Settings"
  5. Click "Quick OAuth Flow"
  6. Authorize when prompted โœ…

๐ŸŽฏ What You See โ€‹

Main Section (Always Visible) โ€‹

โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ OAuth Configuration                         โ”‚
โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
โ”‚ โ˜‘ Enable Dynamic Client Registration        โ”‚
โ”‚                                             โ”‚
โ”‚ Allowed Public Client Origins:              โ”‚
โ”‚ โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” โ”‚
โ”‚ โ”‚ http://localhost:6274                   โ”‚ โ”‚
โ”‚ โ”‚ https://your-app.com                    โ”‚ โ”‚
โ”‚ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

Advanced Settings (Collapsed) โ€‹

Don't touch these unless you know what you're doing!

Click to expand "Advanced OAuth Settings" only if needed.

Resource Metadata (Collapsed) โ€‹

Optional branding info - skip for now

Click to expand "Resource Metadata" only if you want to customize URLs.

๐Ÿ”’ Security Quick Tips โ€‹

โœ… DO:

  • Use specific URLs in "Allowed Public Client Origins"
  • Use HTTPS in production
  • Keep "Skip Authorization Prompt" disabled

โŒ DON'T:

  • Use * in production (allows all origins)
  • Enable "Skip Authorization Prompt" in production
  • Share OAuth client secrets

๐Ÿ› Common Issues โ€‹

"Dynamic client registration is not enabled" โ€‹

โ†’ Check the box: โœ… Enable Dynamic Client Registration

"CORS error" โ€‹

โ†’ Add your client's URL to "Allowed Public Client Origins"

"redirect_uris must be https" โ€‹

โ†’ Use https:// or http://localhost: only

๐Ÿ“š Need More Help? โ€‹

Read the full guide: OAuth Setup Guide

๐ŸŽ‰ You're All Set! โ€‹

Your Frappe Assistant Core is now OAuth-enabled and ready for MCP clients.

Questions? Open an issue: https://github.com/buildswithpaul/Frappe_Assistant_Core/issues

Released under the AGPL-3.0 License.

Copyright ยฉ 2025 โ€” present, Paul Clinton