MCP Auth Proxy

v1.0.0Securitystable

MCP Auth Proxy is a secure OAuth 2.1 authentication proxy for Model Context Protocol (MCP) servers

authenticationmcpmodelcontextprotocoloauth2
Share:
120
Stars
0
Downloads
0
Weekly
0/5

What is MCP Auth Proxy?

MCP Auth Proxy is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to mcp auth proxy is a secure oauth 2.1 authentication proxy for model context protocol (mcp) servers

MCP Auth Proxy is a secure OAuth 2.1 authentication proxy for Model Context Protocol (MCP) servers

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • MCP Auth Proxy is a secure OAuth 2.1 authentication proxy fo

Use Cases

OAuth 2.1 authentication
Secure MCP server access
Authentication gateway
sigbit

Maintainer

LicenseMIT
Languagego
Versionv1.0.0
UpdatedMay 21, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx mcp-auth-proxy

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use MCP Auth Proxy

MCP Auth Proxy is a Go binary that wraps any existing stdio-based MCP server and exposes it as a secure HTTPS endpoint with OAuth 2.1/OIDC authentication. It handles TLS certificate provisioning automatically via Let's Encrypt, supports identity providers including Google, GitHub, Okta, Auth0, and Keycloak, and applies flexible user allow-listing with glob patterns (e.g., *@company.com). DevOps teams and developers use it to make local or private MCP servers accessible to remote MCP clients while enforcing proper authentication without modifying the underlying server.

Prerequisites

  • A publicly reachable domain name with DNS pointing to the machine that will run the proxy
  • The MCP Auth Proxy binary downloaded from the GitHub releases page
  • An existing stdio-based MCP server to wrap (e.g., any npx MCP server)
  • An OAuth 2.1 identity provider (Google, GitHub, Okta, Auth0, or Keycloak) if using OIDC authentication
1

Download the MCP Auth Proxy binary

Go to the GitHub releases page at https://github.com/sigbit/mcp-auth-proxy/releases and download the binary for your platform. Make it executable.

chmod +x mcp-auth-proxy
2

Run the proxy with a simple password

The quickest way to get started is with password protection and automatic TLS. Replace the domain and password with your values. The command after -- is the MCP server the proxy will wrap.

./mcp-auth-proxy \
  --external-url https://your-domain.example.com \
  --tls-accept-tos \
  --password changeme \
  -- npx -y @modelcontextprotocol/server-filesystem ./
3

Configure OAuth 2.1 / OIDC (optional)

For team deployments, configure an OIDC provider. Add user allow-listing with exact email addresses or glob patterns such as *@yourcompany.com. Refer to the full documentation at sigbit.github.io/mcp-auth-proxy for provider-specific setup.

4

Use a custom TLS certificate (optional)

If you have your own TLS certificate, provide the cert and key file paths instead of using --tls-accept-tos for automatic Let's Encrypt provisioning.

./mcp-auth-proxy \
  --external-url https://your-domain.example.com \
  --tls-cert-file /path/to/cert.pem \
  --tls-key-file /path/to/key.pem \
  --password changeme \
  -- npx -y @modelcontextprotocol/server-filesystem ./
5

Connect your MCP client to the proxy endpoint

With the proxy running, point your MCP client at the HTTPS endpoint. The proxy exposes the wrapped server's tools at /mcp on your domain.

{
  "mcpServers": {
    "secure-filesystem": {
      "url": "https://your-domain.example.com/mcp"
    }
  }
}

MCP Auth Proxy Examples

Client configuration

MCP client config connecting to a filesystem server wrapped and secured by MCP Auth Proxy.

{
  "mcpServers": {
    "secure-remote-mcp": {
      "url": "https://your-domain.example.com/mcp"
    }
  }
}

Prompts to try

Example prompts after connecting through the secured proxy to a filesystem MCP server.

- "List the files in the root directory of the remote server."
- "Read the contents of config.yaml on the remote filesystem."
- "Search for all .log files modified in the last 24 hours."
- "Create a new file called notes.txt with the content 'Hello from Claude'."
- "What MCP tools are available through this secure connection?"

Troubleshooting MCP Auth Proxy

Let's Encrypt TLS certificate provisioning fails

Port 80 must be reachable from the internet for the ACME HTTP-01 challenge. Ensure your firewall and cloud security groups allow inbound TCP on port 80, and that no other service is listening on port 80 on that machine.

MCP client gets a 401 Unauthorized response

When using password mode, confirm your MCP client is configured to send the password as a Bearer token in the Authorization header. When using OIDC, verify that the authenticated user's email matches the allow-list patterns configured on the proxy.

The wrapped MCP server tools are not visible through the proxy

Test the underlying stdio server directly first (e.g., run the npx command manually and pipe JSON-RPC messages). If the stdio server works in isolation but not through the proxy, check that the command passed after -- is correct and has all required environment variables available to the proxy process.

Frequently Asked Questions about MCP Auth Proxy

What is MCP Auth Proxy?

MCP Auth Proxy is a Model Context Protocol (MCP) server that mcp auth proxy is a secure oauth 2.1 authentication proxy for model context protocol (mcp) servers It connects AI assistants to external tools and data sources through a standardized interface.

How do I install MCP Auth Proxy?

Follow the installation instructions on the MCP Auth Proxy GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with MCP Auth Proxy?

MCP Auth Proxy works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is MCP Auth Proxy free to use?

Yes, MCP Auth Proxy is open source and available under the MIT license. You can use it freely in both personal and commercial projects.

MCP Auth Proxy Alternatives — Similar Security Servers

Looking for alternatives to MCP Auth Proxy? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "mcp-auth-proxy": { "command": "npx", "args": ["-y", "mcp-auth-proxy"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use MCP Auth Proxy?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides