MCP Client Auth
A TypeScript library providing OAuth2 authentication utilities for Model Context Protocol (MCP) clients. This library simplifies the process of adding OAuth authentication to MCP client implementations.
What is MCP Client Auth?
MCP Client Auth is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to typescript library providing oauth2 authentication utilities for model context protocol (mcp) clients. this library simplifies the process of adding oauth authentication to mcp client implementations....
A TypeScript library providing OAuth2 authentication utilities for Model Context Protocol (MCP) clients. This library simplifies the process of adding OAuth authentication to MCP client implementations.
This server falls under the Security and Developer Tools categories on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- A TypeScript library providing OAuth2 authentication utiliti
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx mcp-client-authConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use MCP Client Auth
mcp-client-auth is a TypeScript library that implements the full OAuth2 authorization flow for MCP clients, handling server discovery, dynamic client registration, PKCE-protected authorization, code-to-token exchange, and automatic token refresh in a single installable package. It provides two main classes — McpClient for tool-calling workflows and McpOAuth for fine-grained OAuth control — making it straightforward to connect to MCP servers that require authentication without writing OAuth boilerplate. Developers building MCP clients that need to access protected servers or enterprise integrations use this library to add standards-compliant authentication in minutes.
Prerequisites
- Node.js 18 or later
- npm or yarn package manager
- TypeScript 5+ (the library ships with type definitions)
- An MCP server that requires OAuth2 authentication, with a known server URL
- An OAuth client ID and optional client secret (or support for dynamic client registration)
Install the library
Add mcp-client-auth to your project using npm or yarn. The package ships with TypeScript type definitions so no separate @types package is needed.
npm install mcp-client-authInitialize an McpClient instance
Create an McpClient with your MCP server URL and OAuth redirect URI. The redirect URI should point to a callback endpoint in your application that will receive the authorization code.
import { McpClient } from 'mcp-client-auth';
const client = new McpClient({
url: 'https://mcp.example.com',
oauthRedirectUri: 'http://localhost:3000/mcp/oauth/callback'
});Check authentication status and initiate OAuth flow
Call isAuthRequired() to determine if the server needs authentication and whether the user is already authenticated. If not authenticated, redirect the user to the authorization URL returned in the response.
const authStatus = await client.isAuthRequired();
if (authStatus.isRequired && !authStatus.isAuthenticated) {
// Redirect user to the authorization URL
console.log('Visit this URL to authorize:', authStatus.authorizationRequest.url);
}Handle the OAuth callback and exchange code for token
In your callback route handler, receive the authorization code from the query string and call handleAuthByCode() to complete the token exchange. The library stores the token automatically.
// In your /mcp/oauth/callback route handler
const code = req.query.code as string;
const token = await client.handleAuthByCode(code, authStatus.authorizationRequest);List and call tools on the authenticated server
Once authenticated, use listTools() to discover available tools and callTool() to invoke them. The library attaches the access token to all requests automatically.
const tools = await client.listTools();
console.log('Available tools:', tools);
const result = await client.callTool('tool_name', { param1: 'value1' });
console.log('Tool result:', result);MCP Client Auth Examples
Client configuration
Complete TypeScript example of an authenticated MCP client using mcp-client-auth, suitable for a Node.js Express server.
{
"mcpServers": {
"authenticated-server": {
"command": "npx",
"args": ["-y", "mcp-client-auth"],
"env": {
"MCP_SERVER_URL": "https://mcp.example.com",
"OAUTH_CLIENT_ID": "your_client_id",
"OAUTH_REDIRECT_URI": "http://localhost:3000/mcp/oauth/callback"
}
}
}
}Prompts to try
Code snippets showing common mcp-client-auth usage patterns.
- Check if auth is needed: const status = await client.isAuthRequired();
- Get OAuth URL: console.log(status.authorizationRequest.url);
- Exchange code: await client.handleAuthByCode(code, status.authorizationRequest);
- List tools: const tools = await client.listTools();
- Call a tool: const result = await client.callTool('search', { query: 'hello world' });
- Revoke token: await client.getOAuth().revokeToken();
- Disconnect: await client.disconnect();Troubleshooting MCP Client Auth
OAuth flow fails with 'server discovery returned 404'
The library discovers OAuth metadata from /.well-known/oauth-authorization-server on the MCP server. If that endpoint does not exist on your server, the server may not support OAuth or may use a non-standard discovery URL. Verify the server supports OAuth2 and that the URL passed to McpClient is the server's base URL without a trailing path.
Token refresh fails and the client becomes unauthenticated
Some OAuth servers issue refresh tokens that expire or are single-use. Call client.getOAuth().hasValidToken() before each request. If it returns false, restart the authorization flow with isAuthRequired() and direct the user through the OAuth redirect again. Consider implementing a custom token store via the 'store' option to persist tokens across process restarts.
PKCE errors during code exchange
Ensure you pass the same authorizationRequest object returned by isAuthRequired() into handleAuthByCode(). This object contains the PKCE code verifier that must match the code challenge sent during authorization. Do not regenerate or modify the authorizationRequest between the redirect and callback steps.
Frequently Asked Questions about MCP Client Auth
What is MCP Client Auth?
MCP Client Auth is a Model Context Protocol (MCP) server that typescript library providing oauth2 authentication utilities for model context protocol (mcp) clients. this library simplifies the process of adding oauth authentication to mcp client implementations. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install MCP Client Auth?
Follow the installation instructions on the MCP Client Auth GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with MCP Client Auth?
MCP Client Auth works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is MCP Client Auth free to use?
Yes, MCP Client Auth is open source and available under the MIT license. You can use it freely in both personal and commercial projects.
MCP Client Auth Alternatives — Similar Security Servers
Looking for alternatives to MCP Client Auth? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up MCP Client Auth in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use MCP Client Auth?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.