Why do I need OAuth for my MCP server?

OAuth provides granular user-level security and is a technical requirement for integrating third-party MCP servers with enterprise platforms like Claude.ai that utilize Dynamic Client Registration.

How does this solve Claude.ai connection failures?

It includes specific architectural workarounds for documented errors like redirect URI mismatches and RFC 8707 audience bugs that frequently cause authentication loops in Claude.ai.

Does this support providers other than Google?

The skill is pre-configured for Google OAuth, but because it uses the standard @cloudflare/workers-oauth-provider, it can be adapted for other OIDC providers with minimal configuration changes.

What Cloudflare resources are required for this skill?

You will need a Cloudflare Workers account with KV namespaces for state storage and Durable Objects for managing MCP sessions.

MCP OAuth for Cloudflare Workers

Name: MCP OAuth for Cloudflare Workers
Author: evolv3ai

byevolv3ai

0•

Security & Testing

Implements production-ready Google OAuth authentication and Dynamic Client Registration for MCP servers running on Cloudflare Workers.

This skill provides a robust framework for securing Model Context Protocol (MCP) servers using Google OAuth 2.0 within the Cloudflare Workers ecosystem. It simplifies the complex 'Dual OAuth Role' pattern where the server acts as both a client to Google and an issuer for MCP clients like Claude.ai. By handling critical edge cases such as RFC 8707 audience bugs and implementing secure state management via Workers KV, it ensures seamless integration with Claude.ai's Dynamic Client Registration (DCR) requirements while providing developers with authenticated user context directly within tool handlers.

Key Features

01Built-in CSRF protection and RFC 8707 spec compliance to prevent connection failures

020 GitHub stars

03Full Google OAuth 2.0 integration with automated token exchange and refresh logic

04Direct injection of user identity (email, name, ID) into MCP tool handler properties

05Native support for Claude.ai Dynamic Client Registration (DCR) flows

06Secure state and session management using Cloudflare Workers KV and Durable Objects

Use Cases

01Migrating from insecure static auth tokens to a scalable, production-grade OAuth flow

02Securing a private MCP server with Google Sign-In to restrict access to specific team members

03Deploying an MCP server to the Claude.ai platform requiring secure user-level authorization

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add evolv3ai/claude-skills-archive mcp-oauth-cloudflare

For use in Claude.ai and ChatGPT

Download Skill