remote-mcp-server-authless
Verified Safeby itoyuya1005
Overview
Provides a Model Context Protocol (MCP) server on Cloudflare Workers, exposing simple calculator-like tools and user identity, secured via Google OAuth.
Installation
wrangler devEnvironment Variables
- GOOGLE_CLIENT_ID
- GOOGLE_CLIENT_SECRET
- COOKIE_ENCRYPTION_KEY
- ALLOWED_DOMAIN
Security Notes
The server uses `zod` for schema validation in its tool definitions, which is good for input sanitization. Google OAuth is implemented using `@cloudflare/workers-oauth-provider` and `Hono`. The OAuth flow includes CSRF protection via state stored in KV, secure token exchange with Google, and optional domain validation. No explicit `eval` or similar dangerous functions are used with untrusted input. The reliance on Cloudflare's platform and SDKs suggests a reasonable security posture for the core infrastructure. The main discrepancy is the README's 'authless' claim versus the code's full OAuth implementation, which could lead to user misconfiguration if not careful.
Similar Servers
remote-mcp-server-authless
A remote Model Context Protocol (MCP) server providing basic calculator functionality on Cloudflare Workers, designed to be authentication-less for demonstration or private network usage.
remote-mcp-server-authless
Deploys a Model Context Protocol (MCP) server on Cloudflare Workers to expose simple calculator tools for integration with AI clients, typically without requiring explicit authentication from the client.
bible-api-mcp-server
Deploys a remote Model Context Protocol (MCP) server on Cloudflare Workers, offering authentication-less calculator tools for AI agents and clients.
rest-api-mcp-server-2
Deploys a remote Model Context Protocol (MCP) server on Cloudflare Workers, providing custom AI tools (a calculator in this case) accessible via Server-Sent Events (SSE) without authentication.