cf-mcp-server-clerk
Verified Safe by codewithpassion
Overview
This server provides a Model Context Protocol (MCP) server with Clerk OAuth authentication, enabling secure remote AI tool access.
Installation
wrangler dev
Environment Variables
- CLERK_CLIENT_ID
- CLERK_CLIENT_SECRET
- CLERK_SECRET_KEY
- CLERK_FRONTEND_API
- COOKIE_ENCRYPTION_KEY
Security Notes
The project demonstrates good security practices for OAuth, including RFC 9700-compliant CSRF and state validation with one-time-use tokens stored in KV. It uses secure cookies (`__Host-` prefix, HttpOnly, Secure, SameSite=Lax) and signed client approval cookies. Input URLs and text shown in the approval dialog are sanitized (`sanitizeText`, `sanitizeUrl`) to prevent XSS. The code calls `JSON.parse(atob(encodedState))`, but the call is protected by prior CSRF validation and by later state validation against KV and a session-bound hash, which mitigates injection risks. The `README` explicitly warns that the project is a demo and requires further production-level security measures.
Similar Servers
remote-mcp-server-authless1
A remote Model Context Protocol (MCP) server that exposes unauthenticated calculator tools via Cloudflare Workers for AI agents.
remote-mcp-server-authless
Provides an unauthenticated remote Model Context Protocol (MCP) server for integrating custom tools with AI models on Cloudflare Workers.
remote-mcp-server
This server provides a remote Model Context Protocol (MCP) endpoint on Cloudflare Workers, demonstrating how to integrate custom tools with AI agents (like Claude) and manage OAuth-based authentication.
test-remote-mcp-server
Deploys a remote Model Context Protocol (MCP) server on Cloudflare Workers to expose custom tools to AI agents without authentication.