OAuth Quick Start Guide
🚀 Get Started in 2 Minutes
Step 1: Open Settings
- Go to your Frappe site
- Search for "Assistant Core Settings"
- Click the OAuth tab
Step 2: Enable OAuth
Check the box: ✅ Enable Dynamic Client Registration
Step 3: Configure Client Access
For MCP Inspector (testing): In "Allowed Public Client Origins", add:
http://localhost:6274For Claude Desktop: Leave "Allowed Public Client Origins" blank (Claude Desktop doesn't need it)
For your web app: Add your app's URL:
https://your-app.comStep 4: Save
Click Save button
✅ That's It!
Your OAuth is now configured. MCP clients can auto-register and connect.
🧪 Test with MCP Inspector
- Open http://localhost:6274/
- Select "Streamable HTTP"
- Enter your MCP endpoint URL:
https://your-frappe-site.com/api/method/frappe_assistant_core.api.fac_endpoint.handle_mcp - Click "Open Auth Settings"
- Click "Quick OAuth Flow"
- Authorize when prompted ✅
🎯 What You See
Main Section (Always Visible)
┌─────────────────────────────────────────────┐
│ OAuth Configuration │
├─────────────────────────────────────────────┤
│ ☑ Enable Dynamic Client Registration │
│ │
│ Allowed Public Client Origins: │
│ ┌─────────────────────────────────────────┐ │
│ │ http://localhost:6274 │ │
│ │ https://your-app.com │ │
│ └─────────────────────────────────────────┘ │
└─────────────────────────────────────────────┘Advanced Settings (Collapsed)
Don't touch these unless you know what you're doing!
Click to expand "Advanced OAuth Settings" only if needed.
Resource Metadata (Collapsed)
Optional branding info - skip for now
Click to expand "Resource Metadata" only if you want to customize URLs.
🔒 Security Quick Tips
✅ DO:
- Use specific URLs in "Allowed Public Client Origins"
- Use HTTPS in production
- Keep "Skip Authorization Prompt" disabled
❌ DON'T:
- Use
*in production (allows all origins) - Enable "Skip Authorization Prompt" in production
- Share OAuth client secrets
🐛 Common Issues
"Dynamic client registration is not enabled"
→ Check the box: ✅ Enable Dynamic Client Registration
"CORS error"
→ Add your client's URL to "Allowed Public Client Origins"
"redirect_uris must be https"
→ Use https:// or http://localhost: only
📚 Need More Help?
Read the full guide: OAuth Setup Guide
🎉 You're All Set!
Your Frappe Assistant Core is now OAuth-enabled and ready for MCP clients.
Questions? Open an issue: https://github.com/buildswithpaul/Frappe_Assistant_Core/issues