If you found value here, please consider starring.
- Drop-in OAuth 2.1/OIDC gateway for MCP servers — put it in front, no code changes.
- Your IdP, your choice: Google, GitHub, or any OIDC provider — e.g. Okta, Auth0, Azure AD, Keycloak — plus optional password.
- Publish local MCP servers safely: Supports all stdio, SSE, and HTTP transports. For stdio, traffic is converted to
/mcp. For SSE/HTTP, it’s proxied as-is. Of course, with authentication. - Verified across major MCP clients: Claude, Claude Code, ChatGPT, GitHub Copilot, Cursor, etc. — the proxy smooths client-specific quirks for consistent auth.
📖 For detailed usage, configuration, and examples, see the Documentation
Domain binding & 80/443 must be accessible from outside.
Download binary from release page.
If you use stdio transport
./mcp-auth-proxy \
--external-url https://{your-domain} \
--tls-accept-tos \
--password changeme \
-- npx -y @modelcontextprotocol/server-filesystem ./That's it! Your HTTP endpoint is now available at https://{your-domain}/mcp.
- stdio (when a command is specified): MCP endpoint is https://{your-domain}/mcp.
- SSE/HTTP (when a URL is specified): MCP endpoint uses the backend’s original path (no conversion).
| MCP Client | Status | Notes |
|---|---|---|
| Claude - Web | ✅ | |
| Claude - Desktop | ✅ | |
| Claude Code | ✅ | |
| ChatGPT - Web | ✅ | Need to implement search and fetch tools.(1) |
| ChatGPT - Desktop | ✅ | Need to implement search and fetch tools.(1) |
| GitHub Copilot | ✅ | |
| Cursor | ✅ |
For a simpler approach to publish local MCP servers over OAuth, consider MCP Warp, which provides an OAuth Proxy + ngrok-like service. We highly recommend considering this option as well.