Labsco
geelen logo

MCP Remote

โ˜… 1,500

from geelen

A remote proxy for MCP that enables local clients to connect to remote servers via OAuth.

๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅโœ“ VerifiedAccount requiredAdvanced setup

mcp-remote

Connect an MCP Client that only supports local (stdio) servers to a Remote MCP Server, with auth support:

Note: this is a working proof-of-concept but should be considered experimental.

Why is this necessary?

So far, the majority of MCP servers in the wild are installed locally, using the stdio transport. This has some benefits: both the client and the server can implicitly trust each other as the user has granted them both permission to run. Adding secrets like API keys can be done using environment variables and never leave your machine. And building on npx and uvx has allowed users to avoid explicit install steps, too.

But there's a reason most software that could be moved to the web did get moved to the web: it's so much easier to find and fix bugs & iterate on new features when you can push updates to all your users with a single deploy.

With the latest MCP Authorization specification, we now have a secure way of sharing our MCP servers with the world without running code on user's laptops. Or at least, you would, if all the popular MCP clients supported it yet. Most are stdio-only, and those that do support HTTP+SSE don't yet support the OAuth flows required.

That's where mcp-remote comes in. As soon as your chosen MCP client supports remote, authorized servers, you can remove it. Until that time, drop in this one liner and dress for the MCP clients you want!

Building Remote MCP Servers

For instructions on building & deploying remote MCP servers, including acting as a valid OAuth client, see the following resources:

In particular, see:

For more information about testing these servers, see also:

Know of more resources you'd like to share? Please add them to this Readme and send a PR!

Debugging

Debug Logs

For troubleshooting complex issues, especially with token refreshing or authentication problems, use the --debug flag:

Copy & paste โ€” that's it
"args": [
  "mcp-remote",
  "https://remote.mcp.server/sse",
  "--debug"
]

This creates detailed logs in ~/.mcp-auth/{server_hash}_debug.log with timestamps and complete information about every step of the connection and authentication process. When you find issues with token refreshing, laptop sleep/resume issues, or auth problems, provide these logs when seeking support.

Authentication Errors

If you encounter the following error, returned by the /callback URL:

Copy & paste โ€” that's it
Authentication Error
Token exchange failed: HTTP 400

You can run rm -rf ~/.mcp-auth to clear any locally stored state and tokens.

"Client" mode

Run the following on the command line (not from an MCP server):

Copy & paste โ€” that's it
npx -p mcp-remote@latest mcp-remote-client https://remote.mcp.server/sse

This will run through the entire authorization flow and attempt to list the tools & resources at the remote URL. Try this after running rm -rf ~/.mcp-auth to see if stale credentials are your problem, otherwise hopefully the issue will be more obvious in these logs than those in your MCP client.