MCP Client Auth

v1.0.0Securitystable

A TypeScript library providing OAuth2 authentication utilities for Model Context Protocol (MCP) clients. This library simplifies the process of adding OAuth authentication to MCP client implementations.

mcp-client-authmcpai-integration
Share:
34
Stars
0
Downloads
0
Weekly
0/5

What is MCP Client Auth?

MCP Client Auth is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to typescript library providing oauth2 authentication utilities for model context protocol (mcp) clients. this library simplifies the process of adding oauth authentication to mcp client implementations....

A TypeScript library providing OAuth2 authentication utilities for Model Context Protocol (MCP) clients. This library simplifies the process of adding OAuth authentication to MCP client implementations.

This server falls under the Security and Developer Tools categories on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • A TypeScript library providing OAuth2 authentication utiliti

Use Cases

Add OAuth2 authentication to MCP client implementations.
Simplify secure authentication workflows.
Handle token management automatically.
dzhng

Maintainer

LicenseMIT
Languagetypescript
Versionv1.0.0
UpdatedDec 5, 2025
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx mcp-client-auth

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use MCP Client Auth

mcp-client-auth is a TypeScript library that implements the full OAuth2 authorization flow for MCP clients, handling server discovery, dynamic client registration, PKCE-protected authorization, code-to-token exchange, and automatic token refresh in a single installable package. It provides two main classes — McpClient for tool-calling workflows and McpOAuth for fine-grained OAuth control — making it straightforward to connect to MCP servers that require authentication without writing OAuth boilerplate. Developers building MCP clients that need to access protected servers or enterprise integrations use this library to add standards-compliant authentication in minutes.

Prerequisites

  • Node.js 18 or later
  • npm or yarn package manager
  • TypeScript 5+ (the library ships with type definitions)
  • An MCP server that requires OAuth2 authentication, with a known server URL
  • An OAuth client ID and optional client secret (or support for dynamic client registration)
1

Install the library

Add mcp-client-auth to your project using npm or yarn. The package ships with TypeScript type definitions so no separate @types package is needed.

npm install mcp-client-auth
2

Initialize an McpClient instance

Create an McpClient with your MCP server URL and OAuth redirect URI. The redirect URI should point to a callback endpoint in your application that will receive the authorization code.

import { McpClient } from 'mcp-client-auth';

const client = new McpClient({
  url: 'https://mcp.example.com',
  oauthRedirectUri: 'http://localhost:3000/mcp/oauth/callback'
});
3

Check authentication status and initiate OAuth flow

Call isAuthRequired() to determine if the server needs authentication and whether the user is already authenticated. If not authenticated, redirect the user to the authorization URL returned in the response.

const authStatus = await client.isAuthRequired();

if (authStatus.isRequired && !authStatus.isAuthenticated) {
  // Redirect user to the authorization URL
  console.log('Visit this URL to authorize:', authStatus.authorizationRequest.url);
}
4

Handle the OAuth callback and exchange code for token

In your callback route handler, receive the authorization code from the query string and call handleAuthByCode() to complete the token exchange. The library stores the token automatically.

// In your /mcp/oauth/callback route handler
const code = req.query.code as string;
const token = await client.handleAuthByCode(code, authStatus.authorizationRequest);
5

List and call tools on the authenticated server

Once authenticated, use listTools() to discover available tools and callTool() to invoke them. The library attaches the access token to all requests automatically.

const tools = await client.listTools();
console.log('Available tools:', tools);

const result = await client.callTool('tool_name', { param1: 'value1' });
console.log('Tool result:', result);

MCP Client Auth Examples

Client configuration

Complete TypeScript example of an authenticated MCP client using mcp-client-auth, suitable for a Node.js Express server.

{
  "mcpServers": {
    "authenticated-server": {
      "command": "npx",
      "args": ["-y", "mcp-client-auth"],
      "env": {
        "MCP_SERVER_URL": "https://mcp.example.com",
        "OAUTH_CLIENT_ID": "your_client_id",
        "OAUTH_REDIRECT_URI": "http://localhost:3000/mcp/oauth/callback"
      }
    }
  }
}

Prompts to try

Code snippets showing common mcp-client-auth usage patterns.

- Check if auth is needed: const status = await client.isAuthRequired();
- Get OAuth URL: console.log(status.authorizationRequest.url);
- Exchange code: await client.handleAuthByCode(code, status.authorizationRequest);
- List tools: const tools = await client.listTools();
- Call a tool: const result = await client.callTool('search', { query: 'hello world' });
- Revoke token: await client.getOAuth().revokeToken();
- Disconnect: await client.disconnect();

Troubleshooting MCP Client Auth

OAuth flow fails with 'server discovery returned 404'

The library discovers OAuth metadata from /.well-known/oauth-authorization-server on the MCP server. If that endpoint does not exist on your server, the server may not support OAuth or may use a non-standard discovery URL. Verify the server supports OAuth2 and that the URL passed to McpClient is the server's base URL without a trailing path.

Token refresh fails and the client becomes unauthenticated

Some OAuth servers issue refresh tokens that expire or are single-use. Call client.getOAuth().hasValidToken() before each request. If it returns false, restart the authorization flow with isAuthRequired() and direct the user through the OAuth redirect again. Consider implementing a custom token store via the 'store' option to persist tokens across process restarts.

PKCE errors during code exchange

Ensure you pass the same authorizationRequest object returned by isAuthRequired() into handleAuthByCode(). This object contains the PKCE code verifier that must match the code challenge sent during authorization. Do not regenerate or modify the authorizationRequest between the redirect and callback steps.

Frequently Asked Questions about MCP Client Auth

What is MCP Client Auth?

MCP Client Auth is a Model Context Protocol (MCP) server that typescript library providing oauth2 authentication utilities for model context protocol (mcp) clients. this library simplifies the process of adding oauth authentication to mcp client implementations. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install MCP Client Auth?

Follow the installation instructions on the MCP Client Auth GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with MCP Client Auth?

MCP Client Auth works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is MCP Client Auth free to use?

Yes, MCP Client Auth is open source and available under the MIT license. You can use it freely in both personal and commercial projects.

MCP Client Auth Alternatives — Similar Security Servers

Looking for alternatives to MCP Client Auth? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "mcp-client-auth": { "command": "npx", "args": ["-y", "mcp-client-auth"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use MCP Client Auth?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides