README
¶
MCP Auth Proxy
If you found value here, please consider starring.
Overview
- Drop-in OAuth 2.1/OIDC gateway for MCP servers — put it in front, no code changes.
- Your IdP, your choice: Google, GitHub, or any OIDC provider — e.g. Okta, Auth0, Azure AD, Keycloak — plus optional password.
- Publish local MCP servers safely: Supports all stdio, SSE, and HTTP transports. For stdio, traffic is converted to
/mcp. For SSE/HTTP, it’s proxied as-is. Of course, with authentication. - Verified across major MCP clients: Claude, Claude Code, ChatGPT, GitHub Copilot, Cursor, etc. — the proxy smooths client-specific quirks for consistent auth.
📖 For detailed usage, configuration, and examples, see the Documentation
Quickstart
Domain binding & 80/443 must be accessible from outside.
Download binary from release page.
If you use stdio transport
./mcp-auth-proxy \
--external-url https://{your-domain} \
--tls-accept-tos \
--password changeme \
-- npx -y @modelcontextprotocol/server-filesystem ./
That's it! Your HTTP endpoint is now available at https://{your-domain}/mcp.
- stdio (when a command is specified): MCP endpoint is https://{your-domain}/mcp.
- SSE/HTTP (when a URL is specified): MCP endpoint uses the backend’s original path (no conversion).
Verified MCP Client
| MCP Client | Status | Notes |
|---|---|---|
| Claude - Web | ✅ | |
| Claude - Desktop | ✅ | |
| Claude Code | ✅ | |
| ChatGPT - Web | ✅ | Need to implement search and fetch tools.(1) |
| ChatGPT - Desktop | ✅ | Need to implement search and fetch tools.(1) |
| GitHub Copilot | ✅ | |
| Cursor | ✅ |
Documentation
¶
There is no documentation for this package.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
pkg
|
|
|
auth
Package auth is a generated GoMock package.
|
Package auth is a generated GoMock package. |
|
backend/testserver
command
|
|
Click to show internal directories.
Click to hide internal directories.