MCPify

MCPify is a .NET library that bridges the gap between your existing ASP.NET Core APIs (or external OpenAPI/Swagger specs) and the Model Context Protocol (MCP). It allows you to expose API operations as MCP tools that can be consumed by AI assistants like Claude Desktop, ensuring seamless integration with your existing services.

Latest Release: v0.0.12 - Now with enhanced OAuth middleware and improved testing infrastructure!

What's New

v0.0.12 (Latest - Jan 23, 2026)

• Enhanced OAuth Middleware: Improved OAuth authentication middleware with better error handling and token management (#17)
• JWT Token Validation: Full support for JWT access token validation including expiration, audience, and scope verification (#15)
• Per-Tool Scope Requirements: Define granular scope requirements for specific tools using pattern matching (#15)
• Automatic Scope Discovery: Scopes are automatically extracted from OpenAPI security schemes and enforced during validation (#15)
• WWW-Authenticate Header: Improved WWW-Authenticate header to include scope parameter per MCP spec
• LoginBrowserBehavior: Control browser launch behavior for OAuth login in headless environments
• OAuth2Configuration List: Support for multiple OAuth providers with AuthorizationServers exposure (#13)

Features

• Automatic Tool Generation: Dynamically converts OpenAPI (Swagger) v2/v3 definitions into MCP tools.
• Hybrid Support: Expose your local ASP.NET Core endpoints and external public APIs simultaneously.
• Seamless Authentication: Built-in support for OAuth 2.0 Authorization Code Flow with PKCE.
  • Includes a login_auth_code_pkce tool that handles the browser-based login flow automatically.
  • Securely stores tokens per session using encrypted local storage.
  • Automatically refreshes tokens when they expire.
• MCP Authorization Spec Compliant: Full compliance with the MCP Authorization Specification.
  • Protected Resource Metadata (/.well-known/oauth-protected-resource)
  • RFC 8707 Resource Parameter support
  • JWT token validation (expiration, audience, scopes)
  • 403 Forbidden with insufficient_scope error
• Dual Transport: Supports both Stdio (for local desktop apps like Claude) and Http (SSE) transports.
• Production Ready: Robust logging, error handling, and configurable options.

Supported Frameworks

• .NET 8, .NET 9, .NET 10

Quick Start

1. Installation

Install the package into your ASP.NET Core project:

dotnet add package MCPify

2. Configuration

Add MCPify to your Program.cs:

using MCPify.Hosting;

var builder = WebApplication.CreateBuilder(args);

// ... Add other services ...

// Add MCPify services
builder.Services.AddMcpify(options =>
{
    // Stdio for local tools (Claude Desktop), Http for remote servers
    options.Transport = McpTransportType.Stdio;

    // Option A: Expose Local Endpoints
    options.LocalEndpoints = new LocalEndpointsOptions
    {
        Enabled = true,
        ToolPrefix = "myapp_",
        BaseUrlOverride = "https://localhost:5001",  // Optional: override base URL
        Filter = op => op.Route.StartsWith("/api"),  // Optional: filter endpoints
        AuthenticationFactory = sp => sp.GetRequiredService<OAuthAuthorizationCodeAuthentication>()  // Optional
    };

    // Option B: Expose External APIs from URL
    options.ExternalApis.Add(new ExternalApiOptions
    {
        ApiBaseUrl = "https://petstore.swagger.io/v2",
        OpenApiUrl = "https://petstore.swagger.io/v2/swagger.json",
        ToolPrefix = "pe

... [View full README on GitHub](https://github.com/abdebek/MCPify#readme)