MCP Front

v1.0.0Developer Toolsstable

Auth proxy for Model Context Protocol servers - adds authentication to MCP tools for Claude.ai, Claude Code, Cursor, Gemini

authclaudeclaude-codemcpproxy
Share:
51
Stars
0
Downloads
0
Weekly
0/5

What is MCP Front?

MCP Front is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to auth proxy for model context protocol servers - adds authentication to mcp tools for claude.ai, claude code, cursor, gemini

Auth proxy for Model Context Protocol servers - adds authentication to MCP tools for Claude.ai, Claude Code, Cursor, Gemini

This server falls under the Developer Tools category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • Auth proxy for Model Context Protocol servers - adds authent

Use Cases

MCP server authentication proxy
Secure tool access across IDE platforms
stainless-api

Maintainer

LicenseNOASSERTION
Languagego
Versionv1.0.0
UpdatedMay 21, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx mcp-front

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use MCP Front

mcp-front is an authentication gateway written in Go that sits between Claude (or any MCP client) and your internal MCP servers. Without it, MCP servers have no built-in multi-user auth — you either expose them to the internet or run a separate instance per user. mcp-front solves this by adding OAuth 2.0 authentication (supporting Google, Azure AD, GitHub, and any OIDC provider) and per-user session isolation, so your whole team can securely use Claude against internal databases, APIs, and tools without modifying the MCP servers themselves. It proxies stdio, SSE, and streamable HTTP MCP backends and injects per-user API keys automatically for services like Notion or Linear.

Prerequisites

  • Go 1.21 or later (for building from source), or Docker
  • A domain with HTTPS configured (for production OAuth; localhost works for local development)
  • An identity provider configured for OAuth — Google Workspace, Azure AD, GitHub, or any OIDC-compliant provider
  • The MCP servers you want to protect already deployed and accessible from the mcp-front host
  • An MCP-compatible client such as Claude.ai, Claude Desktop, Claude Code, or Cursor
1

Install mcp-front

Install via Go or pull the Docker image. For local development, the Go install is simplest.

# Via Go
go install github.com/stainless-api/mcp-front/cmd/mcp-front@main

# Or pull the Docker image
docker pull dgellow/mcp-front:latest
2

Create a config.json file

Define your proxy address, base URL, and the MCP servers to protect. For local testing you can use static bearer tokens instead of OAuth. The example below proxies the filesystem MCP server.

{
  "version": "v0.0.1-DEV_EDITION_EXPECT_CHANGES",
  "proxy": {
    "baseURL": "http://localhost:8080",
    "addr": ":8080"
  },
  "mcpServers": {
    "filesystem": {
      "transportType": "stdio",
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"],
      "serviceAuths": [
        {
          "type": "bearer",
          "tokens": ["dev-token-123"]
        }
      ]
    }
  }
}
3

Start mcp-front

Run the server pointing at your config file. In Docker mode mount the config as a volume.

# With Go binary
mcp-front -config config.json

# With Docker
docker run -p 8080:8080 \
  -v $(pwd)/config.json:/app/config.json \
  dgellow/mcp-front:latest
4

Add the mcp-front SSE endpoint to your MCP client

In Claude.ai or Claude Desktop, add a new MCP server with the SSE URL pointing to mcp-front, using the bearer token defined in your config.

{
  "mcpServers": {
    "filesystem-via-mcp-front": {
      "url": "http://localhost:8080/filesystem/sse",
      "headers": {
        "Authorization": "Bearer dev-token-123"
      }
    }
  }
}
5

Configure OAuth for production

Replace the static bearer token auth with an OIDC provider block in config.json. Set your identity provider's issuer URL, client ID, and client secret. Users will be redirected to log in via your provider on first connection.

MCP Front Examples

Client configuration

MCP client config pointing at a locally running mcp-front instance with a static dev bearer token. In production, Claude will redirect to your OAuth provider instead of using a static token.

{
  "mcpServers": {
    "internal-tools": {
      "url": "https://your-domain.com/filesystem/sse",
      "headers": {
        "Authorization": "Bearer your-team-token"
      }
    }
  }
}

Prompts to try

Once mcp-front is running and your backend MCP servers are proxied, use the same prompts you would use with those servers directly — mcp-front is transparent to the AI.

- "List the files in /tmp via the filesystem tool"
- "Read the contents of /tmp/notes.txt"
- "Which MCP tools are available through this connection?"
- "Create a file at /tmp/hello.txt with the text 'hello from Claude'"
- "Show me what tools are exposed by the internal-tools MCP server"

Troubleshooting MCP Front

Claude connects to the SSE endpoint but immediately disconnects

Check that the bearer token in your MCP client's Authorization header matches one of the tokens in the serviceAuths section of your config.json. Token mismatches cause an immediate 401 which closes the connection.

The stdio MCP server subprocess fails to start

mcp-front runs the stdio server as a child process. Ensure the command (e.g. npx) is available in the PATH of the mcp-front process. When running in Docker, the target binary must also be installed inside the container.

OAuth redirect loop or 'organization not allowed' error

mcp-front validates that authenticated users belong to your configured organization or domain. Verify the allowedDomains or allowedOrganization field in your OIDC provider config matches your users' email domains exactly.

Frequently Asked Questions about MCP Front

What is MCP Front?

MCP Front is a Model Context Protocol (MCP) server that auth proxy for model context protocol servers - adds authentication to mcp tools for claude.ai, claude code, cursor, gemini It connects AI assistants to external tools and data sources through a standardized interface.

How do I install MCP Front?

Follow the installation instructions on the MCP Front GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with MCP Front?

MCP Front works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is MCP Front free to use?

Yes, MCP Front is open source and available under the NOASSERTION license. You can use it freely in both personal and commercial projects.

Browse More Developer Tools MCP Servers

Explore all developer tools servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "mcp-front": { "command": "npx", "args": ["-y", "mcp-front"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use MCP Front?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides