Access Self Hosted Server
FreeNot checkedAn MCP server protected by Cloudflare Access, validating JWTs to conditionally expose tools based on user identity.
About
An MCP server protected by Cloudflare Access, validating JWTs to conditionally expose tools based on user identity.
README
A Model Context Protocol (MCP) server protected by Cloudflare Access as a self-hosted application. Unlike the Access for SaaS demo, this approach requires no OAuth implementation — Cloudflare Access handles authentication automatically.
The MCP server demonstrates:
- Validating the Access JWT signature against your team's public keys using jose
- Verifying the JWT issuer and audience claims
- Reading user identity from the validated JWT
- Conditionally exposing tools based on user identity
Getting Started
Clone the repo and install dependencies:
npm install
Create a self-hosted Access application
- In Cloudflare One, go to Access controls > Applications > Add an application > Self-hosted.
- Set the Application domain to your Worker URL (e.g.,
mcp-access-self-hosted.<your-subdomain>.workers.dev). - Add an Access policy to control who can connect (e.g., allow emails ending in
@yourcompany.com).
Configure environment variables
Update wrangler.jsonc with your Access application details:
TEAM_DOMAIN: Your Cloudflare One team domain (e.g.,https://<your-team-name>.cloudflareaccess.com)POLICY_AUD: Your application's AUD tag (found under Access controls > Applications > your app > Basic information)
Deploy
wrangler deploy
Test
Test the remote server using Inspector:
npx @modelcontextprotocol/inspector@latest
Enter https://mcp-access-self-hosted.<your-subdomain>.workers.dev/mcp and connect. You will be prompted to log in through your Access identity provider.
Connect from Claude Desktop
Open Claude Desktop, go to Settings > Developer > Edit Config, and add:
{
"mcpServers": {
"access-self-hosted": {
"type": "http",
"url": "https://mcp-access-self-hosted.<your-subdomain>.workers.dev/mcp"
}
}
}
Local Development
wrangler dev
Note: In local development, Cf-Access-Jwt-Assertion is not set by Access. You can test by manually setting the header or by using cloudflared access to tunnel through Access.
Installing Access Self Hosted Server
This server has no published package — it is built from source. Open the repository and follow its README.
▸ github.com/jlavoieca/mcpFAQ
Is Access Self Hosted Server MCP free?
Yes, Access Self Hosted Server MCP is free — one-click install via Unyly at no cost.
Does Access Self Hosted Server need an API key?
No, Access Self Hosted Server runs without API keys or environment variables.
Is Access Self Hosted Server hosted or self-hosted?
A hosted option is available: Unyly runs the server in the cloud, no local setup required.
How do I install Access Self Hosted Server in Claude Desktop, Claude Code or Cursor?
Open Access Self Hosted Server on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
GitHub
PRs, issues, code search, CI status
by GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
by mcpdotdirectCompare Access Self Hosted Server with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All development MCPs
