mcp-auth-proxy
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@mcp-auth-proxyconnect to https://mcp.company.com/api with client ID my-app"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
mcp-auth-proxy
Stdio-to-HTTP MCP proxy with OAuth 2.1 authentication (PKCE + browser login).
Bridges the gap when your LLM harness only supports stdio MCP servers but the remote MCP server requires OAuth (e.g., Microsoft Entra ID).
LLM Harness (stdio only)
↕ stdin/stdout (JSON-RPC)
mcp-auth-proxy
↕ Streamable HTTP + Bearer token
Remote MCP Server (OAuth-protected)Features
RFC 9728 discovery — auto-discovers authorization server and scopes from the MCP server's protected resource metadata
OAuth 2.1 + PKCE — browser-based login, no client secrets needed (public client)
Random callback port — each instance uses a random port, safe to run multiple instances simultaneously
Auto token refresh — handled transparently by the SDK transport
In-memory only — tokens are never written to disk
Full proxy — tools, resources, and prompts are all proxied
Related MCP server: workiq-mcp-bridge
Installation
⚠️ This package is not published on npm. Install from source using
npm link.
git clone https://github.com/manio143/mcp-stdio-proxy.git
cd mcp-stdio-proxy
npm install
npm run build
npm linkUsage
# Basic — discovers client ID from server metadata
mcp-auth-proxy https://mcp.company.com/api
# With explicit client ID
mcp-auth-proxy https://mcp.company.com/api --clientId=my-app-client-idIn MCP client config (e.g., Claude Desktop, VS Code)
{
"mcpServers": {
"my-server": {
"command": "mcp-auth-proxy",
"args": ["https://mcp.company.com/api", "--clientId=my-app-id"]
}
}
}How authentication works
Proxy probes the remote MCP endpoint → gets
401Parses
WWW-Authenticateheader for resource metadata URL (RFC 9728)Fetches protected resource metadata → finds authorization server + scopes
Fetches authorization server metadata (RFC 8414 / OIDC Discovery)
Opens browser for OAuth 2.1 authorization code flow with PKCE
Receives callback on
http://localhost:{random-port}/callbackExchanges code for tokens
All subsequent requests include
Authorization: Bearer <token>Token refresh happens automatically when tokens expire
Client ID resolution
If
--clientIdis provided, uses thatIf the server's protected resource metadata advertises a client ID, uses that
If the server supports dynamic client registration (RFC 7591), registers automatically
Otherwise, exits with an error
Requirements
Node.js ≥ 20
A browser for the OAuth login flow
The remote MCP server must support Streamable HTTP transport
Security
Tokens held in memory only — process exit clears them
PKCE prevents authorization code interception
Callback server binds to
127.0.0.1onlyRandom port prevents port conflicts and prediction
License
MIT
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/manio143/mcp-stdio-proxy'
If you have feedback or need assistance with the MCP directory API, please join our Discord server