Is Mcp Auth Proxy safe to use?

Mcp Auth Proxy has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Mcp Auth Proxy?

Mcp Auth Proxy supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with Mcp Auth Proxy?

Mcp Auth Proxy is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is Mcp Auth Proxy actively maintained?

Mcp Auth Proxy is actively maintained — last commit was 11 days ago. It has 119 GitHub stars.

Mcp Auth Proxy

Name: Mcp Auth Proxy
Author: sigbit

by sigbit

MCP Auth Proxy is a secure OAuth 2.1 authentication proxy for Model Context Protocol (MCP) servers

119 0 tools GitHub

No known CVEs

MIT license

Actively maintained

Last commit 11d ago

Works with most clients

Transport: stdio, sse, http

0 tools

Grade F

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "mcp-auth-proxy": {
      "args": [
        "-y",
        "@modelcontextprotocol/server-filesystem"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-auth-proxy)](https://mcppedia.org/s/mcp-auth-proxy)

Read me

What Mcp Auth Proxy does

If you found value here, please consider starring.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

41/100across 5 weighted dimensions

How we score →

0255075100

−59

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp Auth Proxy safe to use?: Mcp Auth Proxy has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Mcp Auth Proxy?: Mcp Auth Proxy supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Mcp Auth Proxy?: Mcp Auth Proxy is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Mcp Auth Proxy actively maintained?: Mcp Auth Proxy is actively maintained — last commit was 11 days ago. It has 119 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

8.7k 3

io.github.peacprotocol/peac90

Signed receipts for agent, API, and MCP interactions. Portable and offline-verifiable.

11 5

Iam Policy Autopilot90

IAM Policy Autopilot is an open source static code analysis tool that helps you quickly create baseline AWS IAM policies that you can refine as your application evolves. This tool is available as a command-line utility and MCP server for use within AI coding assistants for quickly building IAM policies.

361 1

MCP Security Weekly

Get CVE alerts and security updates for Mcp Auth Proxy and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "mcp-auth-proxy": {
      "args": [
        "-y",
        "@modelcontextprotocol/server-filesystem"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-auth-proxy)](https://mcppedia.org/s/mcp-auth-proxy)

Read me

What Mcp Auth Proxy does

If you found value here, please consider starring.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

MCP Auth Proxy

If you found value here, please consider starring.

Overview

Drop-in OAuth 2.1/OIDC gateway for MCP servers — put it in front, no code changes.
Your IdP, your choice: Google, GitHub, or any OIDC provider — e.g. Okta, Auth0, Azure AD, Keycloak — plus optional password.
Flexible user matching: Support exact matching and glob patterns for user authorization (e.g., *@company.com)
Publish local MCP servers safely: Supports all stdio, SSE, and HTTP transports. For stdio, traffic is converted to /mcp. For SSE/HTTP, it's proxied as-is. Of course, with authentication.
Verified across major MCP clients: Claude, Claude Code, ChatGPT, GitHub Copilot, Cursor, etc. — the proxy smooths client-specific quirks for consistent auth.

📖 For detailed usage, configuration, and examples, see the Documentation

Quickstart

Domain binding & 80/443 must be accessible from outside.

Download binary from release page.

If you use stdio transport

./mcp-auth-proxy \
  --external-url https://{your-domain} \
  --tls-accept-tos \
  --password changeme \
  -- npx -y @modelcontextprotocol/server-filesystem ./

That's it! Your HTTP endpoint is now available at https://{your-domain}/mcp.

stdio (when a command is specified): MCP endpoint is https://{your-domain}/mcp.
SSE/HTTP (when a URL is specified): MCP endpoint uses the backend’s original path (no conversion).

Already have certificates? Pass --tls-cert-file and --tls-key-file instead of --tls-accept-tos.

Why not MCP Gateway?

mcp-auth-proxy: A lightweight proxy that adds authentication to any MCP server (optional stdio→HTTP(S) conversion)
MCP Gateway: A hub to orchestrate multiple MCP servers (aggregation, catalog integration)

When to choose `mcp-auth-proxy`

You just need to add auth to one or a few MCPs (enforce OAuth/OIDC/password-only)
Catalog integration and aggregation aren’t needed (e.g., self-hosted or independently managed MCP deployments)

When to choose MCP Gateway

You need to manage multiple MCPs centrally (aggregation, policies/permissions, auditing, centralized logging)
You want catalog integration and aggregation

Note: They are not mutually exclusive. You can put mcp-auth-proxy in front of a Gateway's public endpoint to enforce authentication if the Gateway itself doesn't handle it.

TL;DR: Orchestrate many → Gateway / Expose safely & quickly → mcp-auth-proxy

Verified MCP Client

MCP Client	Status	Notes
Claude - Web	✅
Claude - Desktop	✅
Claude Code	✅
ChatGPT - Web	✅	Need to implement `search` and `fetch` tools.(1)
ChatGPT - Desktop	✅	Need to implement `search` and `fetch` tools.(1)
GitHub Copilot	✅
Cursor	✅

*1: https://platform.openai.com/docs/mcp

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

41/100across 5 weighted dimensions

How we score →

0255075100

−59

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp Auth Proxy safe to use?: Mcp Auth Proxy has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Mcp Auth Proxy?: Mcp Auth Proxy supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Mcp Auth Proxy?: Mcp Auth Proxy is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Mcp Auth Proxy actively maintained?: Mcp Auth Proxy is actively maintained — last commit was 11 days ago. It has 119 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

8.7k 3

io.github.peacprotocol/peac90

Signed receipts for agent, API, and MCP interactions. Portable and offline-verifiable.

11 5

Iam Policy Autopilot90

361 1

MCP Security Weekly

Get CVE alerts and security updates for Mcp Auth Proxy and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Mcp Auth Proxy

Install in your client

What Mcp Auth Proxy does

Test This Server

Why this score

41/100across 5 weighted dimensions

Security

Reviews

Frequently Asked Questions

Similar servers

Discussion

Mcp Auth Proxy

Install in your client

What Mcp Auth Proxy does

Test This Server

MCP Auth Proxy

Overview

Quickstart

Why not MCP Gateway?

When to choose mcp-auth-proxy

When to choose MCP Gateway

Verified MCP Client

Why this score

41/100across 5 weighted dimensions

Security

Reviews

Frequently Asked Questions

Similar servers

Discussion

MCP Auth Proxy

Overview

Quickstart

Why not MCP Gateway?

When to choose mcp-auth-proxy

When to choose MCP Gateway

Verified MCP Client

When to choose `mcp-auth-proxy`

When to choose `mcp-auth-proxy`