Skillget

mcp-auth-proxy

mcp
Guvenlik Denetimi
Gecti
Health Gecti
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Community trust — 86 GitHub stars
Code Gecti
  • Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Gecti
  • Permissions — No dangerous permissions requested
Purpose
This tool acts as a lightweight, drop-in authentication gateway. It wraps around Model Context Protocol (MCP) servers to instantly add secure OAuth 2.1/OIDC or password-based login without requiring any changes to the underlying server code.

Security Assessment
Operating as a network proxy inherently involves managing sensitive data, specifically processing OAuth tokens and routing API traffic. The quickstart documentation shows it can execute shell commands (wrapping standard input/output tools), but the automated code scan found no dangerous execution patterns or hardcoded secrets. Its core function requires making and receiving network requests, explicitly handling TLS certificates and external domain routing. Because it passed the code scan with no dangerous patterns and requires no risky system permissions, the overall risk is rated as Low.

Quality Assessment
The project is under active development, with its most recent updates pushed today. It holds a permissive MIT license, making it fully open source and suitable for integration into most projects. Community trust is solid, evidenced by 86 GitHub stars, and the documentation is clear and comprehensive.

Verdict
Safe to use.
SUMMARY

MCP Auth Proxy is a secure OAuth 2.1 authentication proxy for Model Context Protocol (MCP) servers

README.md

MCP Auth Proxy

Secure your MCP server with OAuth 2.1 — in a minute

If you found value here, please consider starring.

Overview

  • Drop-in OAuth 2.1/OIDC gateway for MCP servers — put it in front, no code changes.
  • Your IdP, your choice: Google, GitHub, or any OIDC provider — e.g. Okta, Auth0, Azure AD, Keycloak — plus optional password.
  • Flexible user matching: Support exact matching and glob patterns for user authorization (e.g., *@company.com)
  • Publish local MCP servers safely: Supports all stdio, SSE, and HTTP transports. For stdio, traffic is converted to /mcp. For SSE/HTTP, it's proxied as-is. Of course, with authentication.
  • Verified across major MCP clients: Claude, Claude Code, ChatGPT, GitHub Copilot, Cursor, etc. — the proxy smooths client-specific quirks for consistent auth.

📖 For detailed usage, configuration, and examples, see the Documentation

Quickstart

Domain binding & 80/443 must be accessible from outside.

Download binary from release page.

If you use stdio transport

./mcp-auth-proxy \
  --external-url https://{your-domain} \
  --tls-accept-tos \
  --password changeme \
  -- npx -y @modelcontextprotocol/server-filesystem ./

That's it! Your HTTP endpoint is now available at https://{your-domain}/mcp.

  • stdio (when a command is specified): MCP endpoint is https://{your-domain}/mcp.
  • SSE/HTTP (when a URL is specified): MCP endpoint uses the backend’s original path (no conversion).

Already have certificates? Pass --tls-cert-file and --tls-key-file instead of --tls-accept-tos.

Why not MCP Gateway?

mcp-auth-proxy: A lightweight proxy that adds authentication to any MCP server (optional stdio→HTTP(S) conversion)
MCP Gateway: A hub to orchestrate multiple MCP servers (aggregation, catalog integration)

When to choose mcp-auth-proxy

  • You just need to add auth to one or a few MCPs (enforce OAuth/OIDC/password-only)
  • Catalog integration and aggregation aren’t needed (e.g., self-hosted or independently managed MCP deployments)

When to choose MCP Gateway

  • You need to manage multiple MCPs centrally (aggregation, policies/permissions, auditing, centralized logging)
  • You want catalog integration and aggregation

Note: They are not mutually exclusive. You can put mcp-auth-proxy in front of a Gateway's public endpoint to enforce authentication if the Gateway itself doesn't handle it.

TL;DR: Orchestrate many → Gateway / Expose safely & quickly → mcp-auth-proxy

Verified MCP Client

MCP Client Status Notes
Claude - Web
Claude - Desktop
Claude Code
ChatGPT - Web Need to implement search and fetch tools.(1)
ChatGPT - Desktop Need to implement search and fetch tools.(1)
GitHub Copilot
Cursor

Yorumlar (0)

Sonuc bulunamadi