Grok Oauth
БесплатноНе проверенEnables local MCP clients to interact with xAI Grok through OAuth PKCE, supporting chat, X search, image/video generation, TTS, and transcription.
Описание
Enables local MCP clients to interact with xAI Grok through OAuth PKCE, supporting chat, X search, image/video generation, TTS, and transcription.
README
Standalone TypeScript stdio MCP server for xAI Grok using web OAuth PKCE. It is intended for local MCP clients such as Claude Desktop, ChatGPT-compatible MCP hosts, and other stdio MCP launchers.
This server does not require XAI_API_KEY for normal usage. The primary auth path is xAI web OAuth with a local token store.
Requirements
- Node.js 20+
- A local MCP client that can launch stdio servers, such as Claude Desktop or another MCP-compatible host.
- An xAI account with an active SuperGrok subscription or an X Premium+ subscription linked to the X account you sign in with. This matches the Hermes xAI Grok OAuth connector: the browser login works through
accounts.x.ai, and xAI links X Premium+ entitlement to the xAI session automatically.
No XAI_API_KEY is used for the normal OAuth path. xAI may still gate OAuth API access by subscription tier; if OAuth succeeds but xAI API calls return 403, your account may not be entitled for that OAuth API surface yet.
Features
- xAI web OAuth PKCE login with the Hermes client ID.
- Token storage at
~/.config/grok-oauth-mcp/tokens.jsonby default. - Configurable token directory with
GROK_OAUTH_MCP_CONFIG_DIR. - Refresh-token flow before access token expiry.
- Configurable xAI API base with
XAI_BASE_URL, defaulting tohttps://api.x.ai/v1. - MCP stdio tools for auth, Grok chat, X search, image, video, TTS, and transcription.
- Multipart upload support for local image/audio paths.
Quick Start
This is the shortest path for a human or agent to get the MCP running, authenticate, and verify that Grok works.
1. Install
From source:
git clone https://github.com/bowtieswan/grok-oauth-mcp.git
cd grok-oauth-mcp
npm install
npm run build
Run directly from the built checkout:
node /absolute/path/to/grok-oauth-mcp/dist/index.js
Or install it globally from the checkout:
npm install -g .
grok-oauth-mcp
Package-runner form:
npx grok-oauth-mcp
2. Add It To Your MCP Client
Use absolute paths when possible. This avoids PATH differences between your shell and GUI apps.
Claude Desktop
Add an MCP server entry that points at your local build or global executable. Local build example:
{
"mcpServers": {
"grok-oauth": {
"command": "node",
"args": ["/absolute/path/to/grok-oauth-mcp/dist/index.js"]
}
}
}
If you installed globally and know the executable path:
{
"mcpServers": {
"grok-oauth": {
"command": "/absolute/path/to/node",
"args": ["/absolute/path/to/grok-oauth-mcp"]
}
}
}
OpenCode
Add a local MCP server entry under the top-level mcp object in your OpenCode config, usually ~/.config/opencode/opencode.json:
{
"mcp": {
"grok-oauth": {
"command": [
"/absolute/path/to/node",
"/absolute/path/to/grok-oauth-mcp"
],
"enabled": true,
"type": "local"
}
}
}
Then restart the MCP client or reload MCP servers. In OpenCode, verify discovery with:
opencode mcp list
You should see grok-oauth connected.
3. Authenticate
Use the MCP tool auth_login with wait=false first. This is the safest mode for most MCP clients because the tool returns the URL immediately.
Input:
{
"wait": false,
"timeout_ms": 600000
}
The result contains:
auth_url: open this in your browser.state: the OAuth state for this attempt.redirect_uri: normallyhttp://127.0.0.1:56121/callback.token_path: where tokens will be written after success.
Open auth_url, sign in to xAI, then complete one of these two paths.
Path A: Browser Redirects To Localhost
If the browser redirects to http://127.0.0.1:56121/callback?... and shows a success message, login is complete. Run auth_status to confirm.
Path B: xAI Shows A Grok Build Code
Sometimes xAI shows a page saying:
Enter this code to finish signing in
Copy the code below into Grok Build to finish signing in
If that happens, copy the code and call auth_exchange_code immediately:
{
"code": "paste-the-grok-build-code-here"
}
The code is tied to the most recent auth_login attempt and the saved PKCE verifier. If it expires or you started another login attempt, run auth_login again and use the fresh code from the fresh URL.
If you have a full callback URL instead of a bare code, pass it as callback_url:
{
"callback_url": "http://127.0.0.1:56121/callback?code=...&state=..."
}
4. Verify Auth
Run auth_status. A successful login returns authenticated: true, has_refresh_token: true, and an expiry time. Token values are never returned.
Tokens are stored at:
~/.config/grok-oauth-mcp/tokens.json
Temporary pending OAuth state is stored at:
~/.config/grok-oauth-mcp/pending_oauth.json
Both files are written with mode 0600 where the local filesystem supports POSIX permissions.
5. Test Grok
After auth_status is authenticated, try a small call. For X search:
{
"query": "latest xAI Grok updates",
"filters": {
"max_results": 5
}
}
If the first broad search times out, retry with a narrower query and fewer results.
OAuth Details
- Discovery:
https://auth.x.ai/.well-known/openid-configuration - Displayed authorization server:
accounts.x.ai - Client ID:
b1a00492-073a-47ea-816f-4c329264a828 - Scope:
openid profile email offline_access grok-cli:access api:access - Redirect URI:
http://127.0.0.1:56121/callback - Authorize URL includes
plan=genericandreferrer=hermes-agent.
Authentication Notes For Agents
- Prefer
auth_loginwithwait=false. Do not usewait=trueunless your MCP host surfaces stderr or tool output while the call is still running. - Always open the exact
auth_urlfrom the latestauth_loginresult. - If the page shows a Grok Build code, call
auth_exchange_codewith that code. Do not try to open/callbackmanually. - If
auth_exchange_codereturnsNo pending OAuth login foundorPending OAuth login is expired, runauth_loginagain and use the fresh URL/code. - If xAI returns
invalid_grant, the code is stale, already used, or from a different login attempt. Runauth_loginagain.
Tools
auth_login
Starts OAuth login and returns an authorization URL.
Input:
{
"wait": false,
"timeout_ms": 300000
}
Set wait=true only for clients that can show stderr or otherwise surface the URL while the tool is still running.
auth_exchange_code
Exchanges a pasted xAI/Grok Build OAuth code, or a full callback URL, using pending PKCE state from the last auth_login call.
Input with a bare Grok Build code:
{
"code": "paste-the-grok-build-code-here"
}
Input with a callback URL:
{
"callback_url": "http://127.0.0.1:56121/callback?code=...&state=..."
}
auth_status
Reports whether a token is stored, whether a refresh token exists, and approximate expiry. Token values are never returned.
auth_logout
Deletes the local token file and any pending OAuth state.
grok_chat
Posts to /responses with store=false. Default model: grok-build-0.1.
Example:
{
"input": "Explain what this MCP server can do."
}
x_search
Posts to /responses with tools: [{ "type": "x_search" }] and optional filters.
Example:
{
"query": "latest xAI Grok updates",
"filters": {
"max_results": 5
}
}
grok_tts
Posts to /tts.
Example:
{
"text": "Hello from Grok.",
"voice_id": "eve",
"language": "en"
}
grok_image
Posts to /images/generations for text-to-image and /images/edits when image_path is present.
Defaults:
- Generation model:
grok-imagine-image - Edit model:
grok-imagine-image-quality
Common image options include aspect_ratio, resolution, size, n, and response_format. Pass values supported by the current xAI/Hermes image surface, such as common aspect ratios like 1:1, 16:9, 9:16, 4:3, and 3:4 when available on your account.
grok_video
Posts to /videos/generations. Supports text-to-video and image-to-video when image_path is present.
Defaults:
- Text-to-video model:
grok-imagine-video - Image-to-video model:
grok-imagine-video-1.5-preview
Set poll=true to poll /videos/{request_id} until the request leaves a queued or processing state.
grok_transcribe
Posts a local audio file to /stt with multipart form data, matching xAI Grok STT.
Example:
{
"file_path": "/path/to/audio.wav",
"language": "en"
}
Troubleshooting
Not authenticated. Run auth_login first.: Runauth_loginwithwait=false, open the returnedauth_url, then complete the redirect or useauth_exchange_codewith the Grok Build code.- Browser cannot reach callback: If xAI showed a Grok Build code, do not manually open
/callback; callauth_exchange_codewith the code instead. If you expected a redirect, make sure nothing else is using port56121, then runauth_loginagain. No pending OAuth login foundorPending OAuth login is expired: Runauth_loginagain and use the fresh URL/code.invalid_grant: The pasted code is stale, already used, or belongs to a different login attempt. Runauth_loginagain and paste the fresh code.403from xAI: Your xAI account may not have the required SuperGrok or X Premium+ entitlement for the requested Grok API surface.- Token refresh fails: Run
auth_logout, thenauth_loginagain. - Custom API gateway or mock server: Set
XAI_BASE_URLto the replacement base URL. - Custom token location: Set
GROK_OAUTH_MCP_CONFIG_DIRto a directory path. The server writestokens.jsoninside it.
Development
npm test
npm run build
Tests mock all OAuth and xAI network calls. They must not call real xAI OAuth or xAI APIs.
License
MIT
Установка Grok Oauth
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/BowTiedSwan/grok-oauth-mcpFAQ
Grok Oauth MCP бесплатный?
Да, Grok Oauth MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Grok Oauth?
Нет, Grok Oauth работает без API-ключей и переменных окружения.
Grok Oauth — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить Grok Oauth в Claude Desktop, Claude Code или Cursor?
Открой Grok Oauth на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
Gmail
Read, send and search emails from Claude
автор: GoogleSlack
Send, search and summarize Slack messages
автор: SlackRunbear
No-code MCP client for team chat platforms, such as Slack, Microsoft Teams, and Discord.
Discord Server
A community discord server dedicated to MCP by [Frank Fiegel](https://github.com/punkpeye)
Compare Grok Oauth with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории communication
