Authprobe
authprobe pinpoints MCP OAuth failures
What is Authprobe?
Authprobe is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to authprobe pinpoints mcp oauth failures
authprobe pinpoints MCP OAuth failures
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- authprobe pinpoints MCP OAuth failures
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx authprobeConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use Authprobe
Authprobe is a Go-based MCP OAuth diagnostics tool that pinpoints exactly where MCP server OAuth flows diverge from specification. It walks the full discovery funnel — from the initial 401 + WWW-Authenticate probe through Protected Resource Metadata, authorization server discovery, token exchange, and Dynamic Client Registration — and reports each step as PASS or FAIL with the exact wire-level trace. MCP server authors, client implementers, and platform security teams use it to triage auth regressions before rollout and generate reproducible evidence bundles for cross-team handoffs.
Prerequisites
- Go 1.21 or higher installed (for go install method), or Docker for the container method
- An MCP server with OAuth configured and accessible at a known URL
- Optional: an OpenAI or Anthropic API key for LLM-powered RFC compliance explanations
Install authprobe
Install authprobe using the Go toolchain, the install script, or Docker. The install script places the binary in ~/.local/bin.
# Option A: Go toolchain
go install github.com/authprobe/authprobe/cmd/authprobe@latest
# Option B: Install script (no sudo needed)
curl -fsSL https://raw.githubusercontent.com/authprobe/authprobe/main/scripts/install.sh | sh
# Option C: Docker
docker pull ghcr.io/authprobe/authprobe:latestVerify the installation
Check that authprobe is installed and on your PATH.
authprobe --versionRun a basic OAuth scan
Point authprobe at your MCP server URL to scan the full OAuth discovery funnel. It will walk all 6 steps and report PASS/FAIL for each.
authprobe scan https://mcp.example.com/mcpGet verbose trace output on failure
Use --explain and --trace-failure to get the full request/response wire trace and RFC-based explanation of what went wrong.
authprobe scan https://mcp.example.com/mcp --explain --trace-failureConfigure authprobe as an MCP server
Run authprobe as an MCP server itself via stdio transport so AI assistants can invoke OAuth scans as MCP tools.
authprobe mcp --transport stdioAdd to Claude Desktop config
Register the authprobe MCP server in claude_desktop_config.json so Claude can run OAuth diagnostic scans on demand.
{
"mcpServers": {
"authprobe": {
"command": "authprobe",
"args": ["mcp", "--transport", "stdio"]
}
}
}Authprobe Examples
Client configuration
Claude Desktop configuration to run authprobe as an MCP server over stdio, enabling Claude to trigger OAuth scans as tools.
{
"mcpServers": {
"authprobe": {
"command": "authprobe",
"args": ["mcp", "--transport", "stdio"]
}
}
}Prompts to try
Example CLI invocations and prompts for diagnosing MCP OAuth failures with authprobe.
- "Scan https://mcp.example.com/mcp and tell me which OAuth step is failing"
- Run: authprobe scan https://mcp.example.com/mcp --json -
- Run: authprobe scan https://mcp.example.com/mcp --explain --trace-failure
- Run: OPENAI_API_KEY=sk-... authprobe scan https://mcp.example.com/mcp --explain --trace-failure --llm-max-tokens=1080
- Run: authprobe scan --stdio-command 'npx -y @modelcontextprotocol/server-everything' --tool-list
- "Check if this MCP server's Protected Resource Metadata is RFC 9728 compliant"Troubleshooting Authprobe
authprobe not found after 'go install'
Ensure your Go bin directory is on your PATH. Run 'echo $GOPATH/bin' (or '$HOME/go/bin' if GOPATH is unset) and add it to your shell profile. Then run 'authprobe --version' to verify.
Scan step [2] MCP initialize + tools/list always fails
This step requires the MCP server to return a valid 401 with a WWW-Authenticate header first. If step [1] passes but step [2] fails, check that your server correctly handles the initialize request when unauthenticated and returns the appropriate error response.
LLM explanation flag (--explain) returns no output
Set either OPENAI_API_KEY or ANTHROPIC_API_KEY in your environment before running the scan. Without an API key, --explain falls back to RFC-text-only explanations. Use --llm-max-tokens to increase the response length if output is truncated.
Frequently Asked Questions about Authprobe
What is Authprobe?
Authprobe is a Model Context Protocol (MCP) server that authprobe pinpoints mcp oauth failures It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Authprobe?
Follow the installation instructions on the Authprobe GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Authprobe?
Authprobe works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Authprobe free to use?
Yes, Authprobe is open source and available under the Apache-2.0 license. You can use it freely in both personal and commercial projects.
Authprobe Alternatives — Similar Security Servers
Looking for alternatives to Authprobe? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up Authprobe in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use Authprobe?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.