open-brain-mcp (OAuth 2.1 protected) Endpoints: POST /mcp — MCP Streamable HTTP (requires OAuth bearer) GET /authorize?admin=... — Consent screen (admin-gated) POST /authorize?admin=... — Approve client (admin-gated) GET /admin-gate — Friendly alias for /authorize GET /.well-known/oauth-authorization-server — RFC 8414 metadata (library) GET /.well-known/oauth-protected-resource — RFC 9728 metadata (library) POST /oauth/token | /oauth/register | /oauth/revoke — token lifecycle (library)