cf-mcp-server-clerk
Verified Safe
by codewithpassion
Overview
A Model Context Protocol (MCP) server that provides remote OAuth authentication using Clerk, enabling LLM agents to access tools with role-based access control.
Installation
npm run dev
Environment Variables
- CLERK_CLIENT_ID
- CLERK_CLIENT_SECRET
- CLERK_SECRET_KEY
- CLERK_FRONTEND_API
- COOKIE_ENCRYPTION_KEY
Security Notes
The server implements robust OAuth 2.1 authorization with strong security controls, including one-time-use CSRF tokens (`__Host-CSRF_TOKEN`), state binding to user sessions (`__Host-CONSENTED_STATE`), and cryptographic cookie signing for approved clients (`__Host-APPROVED_CLIENTS`). All secrets (Clerk API keys, cookie encryption key) are loaded from environment variables or Wrangler secrets, which prevents hardcoding. Input URLs and text are sanitized to mitigate XSS risks. The architecture separates OAuth concerns from MCP tool logic, and it correctly uses Cloudflare's platform features such as KV storage for ephemeral state and Durable Objects for persistent MCP state. The README explicitly warns that it is a demo and requires further production hardening (e.g., rate limiting, advanced monitoring), which is sound advice for any production system.
Similar Servers
remote-mcp-oauth-github
Provides a Cloudflare Workers-based Model Context Protocol (MCP) server with GitHub OAuth for secure custom integrations with Claude.ai.
remote-mcp-server-authless
Provides an unauthenticated remote Model Context Protocol (MCP) server for integrating custom tools with AI models on Cloudflare Workers.
remote-mcp-server
This server provides a remote Model Context Protocol (MCP) endpoint on Cloudflare Workers, demonstrating how to integrate custom tools with AI agents (like Claude) and manage OAuth-based authentication.
test-remote-mcp-server
Deploys a remote Model Context Protocol (MCP) server on Cloudflare Workers to expose custom tools to AI agents without authentication.