Auth Proxy
БесплатноНе проверенAuthenticating reverse proxy for MCP servers providing credential isolation, OAuth2 token management, and composite tool aggregation.
Описание
Authenticating reverse proxy for MCP servers providing credential isolation, OAuth2 token management, and composite tool aggregation.
README
Authenticating reverse proxy for MCP servers — credential isolation, OAuth2 token management, and composite tool aggregation.
What it does
mcp-auth-proxy sits between an LLM orchestrator and one or more upstream services (MCP servers, REST APIs, etc.). It provides:
- Credential injection — per-route header injection so the orchestrator process never holds service tokens.
- OAuth2 consent flow — browser-based OAuth2 authorization code flow for remote MCP providers. Tokens are stored encrypted at rest (AES-256-GCM) and refreshed automatically.
- Composite MCP server — aggregates tools from all linked OAuth2
providers into a single
tools/listresponse, namespaced by provider (e.g.google_calendar-create_event). Includes built-inproxy-link_providerfor runtime provider linking. - Tiered approval system — configurable per-route and per-tool autonomy tiers. Tier 2 actions require single-use or standing approval tokens, preventing the double-send class of bugs.
- Rate limiting — sliding-window per-route rate limiter.
- Prometheus metrics — request counts, latency histograms, upstream errors, and approval token lifecycle metrics.
- Structured logging — JSON-formatted logs for Loki/Promtail/Alloy ingestion.
Architecture
┌─────────────┐ ┌─────────────────┐ ┌──────────────────┐
│ Orchestrator │────▶│ mcp-auth-proxy │────▶│ Upstream Service │
│ (LLM) │ │ │ │ (MCP / REST) │
└─────────────┘ │ • auth inject │ └──────────────────┘
│ • rate limit │
│ • tier enforce │ ┌──────────────────┐
│ • MCP aggregate │────▶│ OAuth2 Provider │
│ • metrics │ │ (Google, etc.) │
└─────────────────┘ └──────────────────┘
The orchestrator authenticates to the proxy with a shared virtual key
(X-Gateway-Key header). The proxy matches the request path to a
configured route, injects the upstream's credentials, and forwards the
request.
For MCP, the proxy presents itself as an MCP server on POST /mcp
(Streamable HTTP transport) and GET /mcp/events (SSE notifications).
It aggregates tools from all OAuth2-linked providers and dispatches
tools/call to the correct upstream.
Quick start
# Install
pip install .
# Run with a config file
mcp-auth-proxy --config config.yaml
# Or with Docker
docker build -t mcp-auth-proxy .
docker run -v ./config.yaml:/etc/mcp-auth-proxy/config.yaml mcp-auth-proxy
Configuration
See config.example.yaml for a fully documented example configuration.
Routes
Each route maps a path prefix to an upstream URL with optional credential injection:
routes:
- prefix: /api
upstream: http://internal-service:8080
inject_headers:
Authorization: "Bearer ${SERVICE_TOKEN}"
rate_limit: 60 # requests per minute
tier: 1 # 1 = autonomous, 2 = requires approval token
OAuth2 providers
Remote MCP servers accessed via OAuth2:
oauth:
encryption_key: "${OAUTH_ENCRYPTION_KEY}" # 64 hex chars (32 bytes AES-256)
external_url: "https://proxy.example.com"
providers:
google_calendar:
display_name: "Google Calendar"
auth_url: "https://accounts.google.com/o/oauth2/v2/auth"
token_url: "https://oauth2.googleapis.com/token"
client_id: "${GOOGLE_CLIENT_ID}"
client_secret: "${GOOGLE_CLIENT_SECRET}"
scopes: ["https://www.googleapis.com/auth/calendar"]
mcp_server_url: "https://calendar-mcp.example.com/mcp"
Approval tokens
Tier 2 actions require an approval token obtained from POST /approve:
# Issue a single-use token
curl -X POST http://localhost:8090/approve \
-H "X-Admin-Key: $ADMIN_KEY" \
-d '{"action": "email.send", "scope": {"to": "[email protected]"}}'
# Use it in a proxied request
curl -X POST http://localhost:8090/email/send \
-H "X-Gateway-Key: $VIRTUAL_KEY" \
-H "X-Approval-Token: apt-abc123..." \
-d '{"to": "[email protected]", "body": "Hello"}'
Endpoints
| Endpoint | Method | Description |
|---|---|---|
/health |
GET | Health check with route count and MCP status |
/_routes |
GET | List configured routes (no credentials exposed) |
/mcp |
POST | MCP JSON-RPC endpoint (tools/list, tools/call) |
/mcp/events |
GET | SSE stream for MCP notifications |
/approve |
POST | Issue an approval token (admin) |
/approve |
GET | List active tokens (admin) |
/approve/standing |
POST | Issue a standing (multi-use) token |
/approve/audit |
GET | Audit trail of token lifecycle |
/approve/{id} |
DELETE | Revoke a token |
/auth/{provider}/start |
GET | Start OAuth2 consent flow |
/auth/{provider}/callback |
GET | OAuth2 callback |
/auth/status |
GET | Show linked providers for user |
/admin/refresh-tools |
POST | Force tool cache refresh |
/admin/tool-cache |
GET | Tool cache status |
/{path} |
* | Catch-all reverse proxy |
Security headers
| Header | Direction | Purpose |
|---|---|---|
X-Gateway-Key |
Client → Proxy | Orchestrator authentication |
X-Admin-Key |
Client → Proxy | Approval endpoint authentication |
X-MCP-User |
Client → Proxy | User identification for MCP |
X-Approval-Token |
Client → Proxy | Tier 2 action authorisation |
Remote-User |
Auth proxy → Proxy | Authenticated user (from SSO) |
Metrics
Prometheus metrics are served on port 9091 (configurable):
mcp_proxy_request_total— requests by route, method, statusmcp_proxy_request_duration_seconds— latency histogrammcp_proxy_rate_limited_total— rate-limited requestsmcp_proxy_upstream_error_total— upstream errorsmcp_proxy_approval_*— approval token lifecycle
License
0BSD — do whatever you want with it.
Установка Auth Proxy
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/bobtheskull-flameeyes/mcp-auth-proxyFAQ
Auth Proxy MCP бесплатный?
Да, Auth Proxy MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Auth Proxy?
Нет, Auth Proxy работает без API-ключей и переменных окружения.
Auth Proxy — hosted или self-hosted?
Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.
Как установить Auth Proxy в Claude Desktop, Claude Code или Cursor?
Открой Auth Proxy на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare Auth Proxy with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
