Enables testing the MCP server with the Cloudflare Workers AI playground, providing a UI for connecting to and interacting with the MCP server.
Allows deploying and hosting the MCP server as a Cloudflare Worker, with instructions for setting environment variables using wrangler CLI and testing the server locally or deployed.
Model Context Protocol (MCP) Server + WorkOS AuthKit
This is an example Model Context Protocol (MCP) server that allows remote clients to connect and authenticate using WorkOS AuthKit.
AuthKit supports user management features including an organization-centric authentication model allowing you to control tool access based on user and organization permissions.
Getting Started
First to create a WorkOS account by signing into the WorkOS Dashboard.
Next, add the MCP server's callback URL as a Redirect URI under Redirects
-> Sign in callback. If you are testing locally, this will be
http://localhost:8788/callback
, or if deployed, the domain of your deployed
worker with the same /callback
path.
Next, you must set the WORKOS_CLIENT_ID
and WORKOS_CLIENT_SECRET
environment
variables. These can be obtained from the WorkOS Dashboard under API Keys.
You can set these in the Cloudflare dashboard or using the wrangler
CLI:
Note: The WORKOS_CLIENT_ID
isn't technically a secret and so you may also choose
to set it via your wrangler.jsonc
configuration file. But WORKOS_CLIENT_SECRET
is not
public and should be securely set elsewhere.
And that's it! You can now test out your remote MCP server using the example playground below.
Testing MCP Authentication
Visit the Cloudflare Workers AI playground and enter the URL of your worker:
After clicking Connect, you'll be redirected to your WorkOS AuthKit domain, where you can sign-in, and be returned to the playground authenticated as a WorkOS AuthKit user.
In the demo code, the generateImage
tool is gated behind the image_generation
permission. You can read more about Permissions in AuthKit here. Try assigning a permission with the image_generation
slug to your user to see how it enables additional tools in the playground.
This server cannot be installed
remote-capable server
The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.
An example MCP server that allows remote clients to connect and authenticate using WorkOS AuthKit, providing organization-centric authentication with permission-based access control for tools.
Related MCP Servers
- -securityAlicense-qualityA lightweight MCP server allowing agents to interact with the WorkOS API for streamlined WorkOS operations through natural language commands.Last updated -4TypeScriptMIT License
- AsecurityFlicenseAqualityA server that enables remote command execution over SSH through the Model Context Protocol (MCP), supporting both password and private key authentication.Last updated -1132JavaScript
- -securityAlicense-qualityThe m2m-mcp-server-ssh-client provides a unified MCP server interface, securely connecting via SSH to the m2m-mcp-server-ssh-server back-end which aggregates MCP servers. This setup offers secure, single-point access to diverse remote tools using robust SSH key-based authentication.Last updated -8PythonMIT License
- -securityFlicense-qualityA Cloudflare Workers-based MCP server implementation that supports OAuth login and bearer token authentication, allowing secure connection from MCP clients like Claude Desktop and the MCP Inspector.Last updated -1TypeScript