The Model Context Protocol (MCP) is a standard for providing an interface to agentic AI applications. It defines a way for applications to expose their data and functionality in a structured format that can be consumed by AI agents. The project Speislist (“Pantrylist” translated from German) is a demonstration of how to implement an MCP server for a simple use case: managing shopping lists and inventories. This is interesting because there are hardly any applications for everyday use cases that have implemented the MCP standard yet, and it shows how AI agents can interact with such applications in a meaningful way.
I did not understand a single word. What is this about? Why should I care?
MCP helps AIs to interact with applications, which in turn allows users to interact with those applications via natural language! Check the video below for a quick demo of Speislist, which shows the interesting concept of text/speech-based interaction with an everyday application.
Features
The application allows users to create and manage multiple shopping lists and inventories. The items on the shopping lists can have quantities and can be checked off. The items on the inventories can have an expiration date. Lists can be shared with other users, allowing for collaborative shopping and inventory management.
Auth
OAuth is the standard for authorization in MCP servers. It should be noted that it is possible to allow authentication via a token being directly set in the configuration of the MCP server on the client side (usually in a JSON file). However, this approach is probably more inconvenient to users. This method would require users to first log in on the project’s website, generate a token, copy it, and then paste it into the configuration JSON file of the MCP server. In contrast, using OAuth allows a much smoother user experience. The user adds the MCP server to their client application, the browser automatically opens, and prompts the user to log in and authorize the MCP client. This is all handled by the OAuth flow, and the user doesn’t have to manually deal with tokens at all. Therefore, I have implemented OAuth as the authentication method for this project.
As the official documentation1 and also common sense suggest, security and authentication should not be implemented from scratch. I decided to use Keycloak, an open-source identity and access management solution, to handle the OAuth flow for my MCP server.
Implementation
The MCP server is implemented in Java using the Spring Boot framework. The application stores shopping lists and inventory data in an in-memory H2 database using Spring Data JPA. Pretty basic as you can see. This shows that you don’t need to use a fancy tech stack to implement an MCP server. What is special is the use of Spring AI, which provides everything for quickly creating MCP tools similar to how REST controllers are created. What turned out to require a lot of trial-and-error was connecting Keycloak, configuring the endpoint .well-known/oauth-protected-resource, and getting the Spring Security Configuration right.
There is also a frontend application which allows users to log in and see their shopping lists. As you can tell, the functionality is very limited. This is because the frontend application was only meant for quick verification of the database’s state.