Command Palette

Search for a command to run...

UnylyUnyly
Browse all

Access Self Hosted Server

FreeNot checked

An MCP server protected by Cloudflare Access, validating JWTs to conditionally expose tools based on user identity.

GitHubEmbed

About

An MCP server protected by Cloudflare Access, validating JWTs to conditionally expose tools based on user identity.

README

A Model Context Protocol (MCP) server protected by Cloudflare Access as a self-hosted application. Unlike the Access for SaaS demo, this approach requires no OAuth implementation — Cloudflare Access handles authentication automatically.

The MCP server demonstrates:

  • Validating the Access JWT signature against your team's public keys using jose
  • Verifying the JWT issuer and audience claims
  • Reading user identity from the validated JWT
  • Conditionally exposing tools based on user identity

Getting Started

Clone the repo and install dependencies:

npm install

Create a self-hosted Access application

  1. In Cloudflare One, go to Access controls > Applications > Add an application > Self-hosted.
  2. Set the Application domain to your Worker URL (e.g., mcp-access-self-hosted.<your-subdomain>.workers.dev).
  3. Add an Access policy to control who can connect (e.g., allow emails ending in @yourcompany.com).

Configure environment variables

Update wrangler.jsonc with your Access application details:

  • TEAM_DOMAIN: Your Cloudflare One team domain (e.g., https://<your-team-name>.cloudflareaccess.com)
  • POLICY_AUD: Your application's AUD tag (found under Access controls > Applications > your app > Basic information)

Deploy

wrangler deploy

Test

Test the remote server using Inspector:

npx @modelcontextprotocol/inspector@latest

Enter https://mcp-access-self-hosted.<your-subdomain>.workers.dev/mcp and connect. You will be prompted to log in through your Access identity provider.

Connect from Claude Desktop

Open Claude Desktop, go to Settings > Developer > Edit Config, and add:

{
	"mcpServers": {
		"access-self-hosted": {
			"type": "http",
			"url": "https://mcp-access-self-hosted.<your-subdomain>.workers.dev/mcp"
		}
	}
}

Local Development

wrangler dev

Note: In local development, Cf-Access-Jwt-Assertion is not set by Access. You can test by manually setting the header or by using cloudflared access to tunnel through Access.

from github.com/jlavoieca/mcp

Installing Access Self Hosted Server

This server has no published package — it is built from source. Open the repository and follow its README.

▸ github.com/jlavoieca/mcp

FAQ

Is Access Self Hosted Server MCP free?

Yes, Access Self Hosted Server MCP is free — one-click install via Unyly at no cost.

Does Access Self Hosted Server need an API key?

No, Access Self Hosted Server runs without API keys or environment variables.

Is Access Self Hosted Server hosted or self-hosted?

A hosted option is available: Unyly runs the server in the cloud, no local setup required.

How do I install Access Self Hosted Server in Claude Desktop, Claude Code or Cursor?

Open Access Self Hosted Server on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.

Related MCPs

Compare Access Self Hosted Server with

Not sure what to pick?

Find your stack in 60 seconds

Author?

Embed badge for your README

Browse similar

All development MCPs