Auth Fetch
FreeNot checkedA powerful and flexible package designed to simplify HTTP/HTTPS requests by automatically applying authentication credentials based on configurable rules. It ac
About
A powerful and flexible package designed to simplify HTTP/HTTPS requests by automatically applying authentication credentials based on configurable rules. It acts as a seamless proxy for your fetch calls, finding the correct authentication method for a given URL, and attaching the necessary headers or parameters.
README
MCP Auth Fetch
mcp-auth-fetch is a powerful and flexible package designed to simplify HTTP/HTTPS requests by automatically applying authentication credentials based on configurable rules.
It acts as a seamless proxy for your fetch calls, finding the correct authentication method for a given URL, and attaching the necessary headers or parameters.
Features
- Rule-Based Authentication: Configure different authentication methods for different URL patterns (exact match, glob, or regex).
- Multiple Auth Methods: Supports Bearer Tokens, API Keys (in header or query), Basic Auth, and custom Cookies.
- Environment Variable Support: Keep your secrets safe by referencing environment variables directly from the configuration file.
- Global Settings: Configure global settings like user-agent and request timeouts.
Usage as an MCP Plugin
{
"mcpServers": {
"mcp-auth-fetch": {
"command": "npx",
"args": ["mcp-auth-fetch"]
}
}
}
This package is designed to be used as a plugin within an MCP (Model-Centric Programming) environment. Once the package is installed, it exposes its functions as tools that can be called from a compatible MCP client.
Tool: fetch_url
Fetches a URL, automatically applying the authentication configured in .mcp-auth-fetch.json.
Parameters:
--url(required): The URL to fetch.--method(optional): The HTTP method (e.g.,GET,POST). Defaults toGET.--headers(optional): A JSON string of custom headers.--body(optional): The request body forPOST,PUT, etc.--timeout(optional): A request-specific timeout in milliseconds.
Tool: test_auth
Tests your configuration by finding which rule matches a given domain and returns the result as a JSON string.
Configuration
The power of this tool lies in its configuration file. Create a file named .mcp-auth-fetch.json in your project's root directory or your home directory.
Configuration Structure
{
"global_settings": {
"default_timeout": 15000,
"user_agent": "MyAwesomeApp/1.0"
},
"auth_rules": [
{
"url_pattern": "api.github.com",
"description": "GitHub API",
"auth": {
"type": "bearer",
"token": "${GITHUB_TOKEN}"
}
},
{
"url_pattern": "*.openai.com",
"description": "OpenAI API",
"auth": {
"type": "api_key",
"in": "header",
"key": "Authorization",
"value": "Bearer ${OPENAI_API_KEY}"
}
},
{
"url_pattern": "internal-api.my-company.com",
"description": "Internal Basic Auth API",
"auth": {
"type": "basic",
"username": "${INTERNAL_USER}",
"password": "${INTERNAL_PASS}"
}
},
{
"url_pattern": "legacy.example.com",
"description": "Legacy Cookie Auth",
"auth": {
"type": "cookie",
"cookies": {
"session_id": "abc-123-def-456",
"user_token": "${LEGACY_USER_TOKEN}"
}
}
},
{
"url_pattern": "auth-server.my-company.com",
"description": "OAuth2 Client Credentials",
"auth": {
"type": "oauth2",
"token_url": "https://auth-server.my-company.com/oauth/token",
"client_id": "${OAUTH_CLIENT_ID}",
"client_secret": "${OAUTH_CLIENT_SECRET}",
"scope": "api:read"
}
},
{
"url_pattern": "another-service.com",
"description": "OAuth2 with Refresh Token",
"auth": {
"type": "oauth2",
"token_url": "https://another-service.com/api/token",
"client_id": "${SERVICE_CLIENT_ID}",
"client_secret": "${SERVICE_CLIENT_SECRET}",
"refresh_token": "${SERVICE_REFRESH_TOKEN}"
}
},
{
"url_pattern": "/api\\.special\\.com/",
"description": "A special API requiring regex matching",
"auth": {
"type": "bearer",
"token": "${SPECIAL_TOKEN}"
},
"enabled": true
}
]
}
Configuration Fields
global_settings(optional): Settings that apply to all requests.default_timeout: Default request timeout in milliseconds.user_agent: A custom User-Agent string.verbose_test_auth: Set totrueto show the full, unmasked authentication details in thetest_authoutput. Defaults tofalse, which masks sensitive information for security.
auth_rules: An array of authentication rules.url_pattern: The URL pattern to match against the domain of the request URL.- Exact Match:
api.service.com - Glob Match:
*.service.com - Regex Match:
/api\\.service\\.(com|org)/(Note: Regex must be a string starting and ending with/)
- Exact Match:
description(optional): A human-readable description of the rule.enabled(optional): Set tofalseto disable a rule. Defaults totrue.auth: An object describing the authentication method.type: One ofbearer,api_key,basic,cookie,oauth2,function.bearer:{ "type": "bearer", "token": "..." }api_key:{ "type": "api_key", "in": "header"|"query", "key": "...", "value": "..." }basic:{ "type": "basic", "username": "...", "password": "..." }cookie:{ "type": "cookie", "cookies": { "key1": "value1", ... } }oauth2: Handles OAuth2 client credentials and refresh token flows.{ "type": "oauth2", "token_url": "...", "client_id": "...", "client_secret": "...", "scope": "(optional)", "refresh_token": "(optional)" }function: For advanced dynamic credentials. Requires a.mcp-auth-fetch.jsconfig file. The value is a function that returns headers or a bearer token.{ "type": "function", "function": () => ({ "Authorization": "Bearer ..." }) }
Using Environment Variables
For security, you can store secrets in environment variables and reference them in your config file using the ${VAR_NAME} syntax. The tool will automatically substitute them at runtime.
Development
To contribute or run this project locally:
- Clone the repository.
- Install dependencies:
npm install - Run tests:
npm test - Build the project:
npm run build
Installing Auth Fetch
This server has no published package — it is built from source. Open the repository and follow its README.
▸ github.com/seeker-wen/mcp-auth-fetchFAQ
Is Auth Fetch MCP free?
Yes, Auth Fetch MCP is free — one-click install via Unyly at no cost.
Does Auth Fetch need an API key?
No, Auth Fetch runs without API keys or environment variables.
Is Auth Fetch hosted or self-hosted?
A hosted option is available: Unyly runs the server in the cloud, no local setup required.
How do I install Auth Fetch in Claude Desktop, Claude Code or Cursor?
Open Auth Fetch on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
GitHub
PRs, issues, code search, CI status
by GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
by mcpdotdirectCompare Auth Fetch with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All development MCPs
