sujianjob/remote-mcp-server-authless
If you are the rightful owner of remote-mcp-server-authless and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.
This guide provides instructions for deploying a remote MCP server with JWT authentication on Cloudflare Workers, offering a secure and maintainable solution for managing model context protocols.
Building a Remote MCP Server on Cloudflare (With JWT Authentication)
This example allows you to deploy a remote MCP server with JWT Bearer Token authentication on Cloudflare Workers. The server uses a simplified authentication mechanism for better maintainability.
Get started:
This will deploy your MCP server to a URL like: remote-mcp-server-authless.<your-account>.workers.dev/sse
Alternatively, you can use the command line below to get the remote MCP Server created on your local machine:
npm create cloudflare@latest -- my-mcp-server --template=cloudflare/ai/demos/remote-mcp-authless
๐ JWT Authentication Configuration
This MCP server uses a simplified JWT Bearer Token authentication mechanism for better security and maintainability.
Environment Variables
| Variable | Description | Example |
|---|---|---|
JWT_SECRET | Secret key for JWT token validation | your-super-secure-jwt-secret |
Setting up Authentication
Configure JWT secret for token validation:
# Set JWT secret
wrangler secret put JWT_SECRET
# Enter: your-super-secure-jwt-secret
Authentication Method
Include the JWT token in the Authorization header:
curl -H "Authorization: Bearer your-jwt-token" https://your-worker.workers.dev/sse
Generating JWT Tokens
Use the included utility to generate JWT tokens:
# Generate a JWT token
npm run generate-jwt
Or programmatically:
import { generateJWT } from './src/auth-utils.js';
const payload = {
userId: 'user123',
username: 'john_doe',
roles: ['user']
};
const token = await generateJWT(payload, 'your-jwt-secret', 3600); // 1 hour expiry
console.log('Generated JWT:', token);
Customizing your MCP Server
To add your own tools to the MCP server, define each tool inside the init() method of src/index.ts using this.server.tool(...).
Connect to Cloudflare AI Playground
You can connect to your MCP server from the Cloudflare AI Playground, which is a remote MCP client:
- Go to https://playground.ai.cloudflare.com/
- Enter your deployed MCP server URL (
remote-mcp-server-authless.<your-account>.workers.dev/sse) - Important: Add authentication header:
Authorization: Bearer your-jwt-token - You can now use your MCP tools directly from the playground!
Health Check Endpoint
The server includes a health check endpoint that doesn't require authentication:
curl https://mcp.123648.xyz/health
Response:
{
"status": "ok",
"timestamp": "2024-01-01T00:00:00.000Z",
"service": "MCP Server with JWT Auth"
}
Connect Claude Desktop to your MCP server
You can also connect to your remote MCP server from local MCP clients, by using the mcp-remote proxy.
To connect to your MCP server from Claude Desktop, follow Anthropic's Quickstart and within Claude Desktop go to Settings > Developer > Edit Config.
Without Authentication (Development)
{
"mcpServers": {
"calculator": {
"command": "npx",
"args": [
"mcp-remote",
"http://localhost:8787/sse"
]
}
}
}
With JWT Authentication (Production)
{
"mcpServers": {
"calculator": {
"command": "npx",
"args": [
"mcp-remote",
"https://remote-mcp-server-authless.your-account.workers.dev/sse"
],
"env": {
"MCP_REMOTE_HEADERS": "{\"Authorization\": \"Bearer your-jwt-token\"}"
}
}
}
}
Restart Claude and you should see the tools become available.
๐ง Development and Testing
Local Development
- Clone the repository
- Install dependencies:
npm install - Set up environment variables in
.dev.varsfile:JWT_SECRET=your-local-jwt-secret - Start development server:
npm run dev
Testing Authentication
Test the health endpoint (no auth required):
curl http://localhost:8787/health
Test with JWT token:
curl -H "Authorization: Bearer your-jwt-token" http://localhost:8787/sse
Test with invalid JWT token (should return 401):
curl -H "Authorization: Bearer invalid-token" http://localhost:8787/sse
Security Best Practices
- Use Strong JWT Secrets: Generate cryptographically secure JWT secrets with sufficient length (64+ characters)
- Rotate Secrets Regularly: Implement a secret rotation strategy for production environments
- Use HTTPS: Always use HTTPS in production to protect authentication tokens in transit
- Monitor Access: Review logs regularly for suspicious authentication attempts
- Environment Separation: Use different secrets for development, staging, and production environments
- Token Expiry: Set appropriate expiration times for JWT tokens
Troubleshooting
Authentication Failed Errors:
- Verify your JWT token is correct and not expired
- Check that the Authorization header is properly formatted (
Authorization: Bearer <token>) - Ensure the JWT_SECRET environment variable is correctly set
- Check the server logs for detailed error messages
Token Issues:
- Generate a new JWT token using
npm run generate-jwt - Verify the token payload contains the required fields
- Check token expiration time
๐ Interactive Feedback System (v2.0)
ๆฌ MCP ๆๅกๅจ็ฐๅทฒๅ็บงไธบๅฎๆด็ไบคไบๅผๅ้ฆๆถ้็ณป็ป๏ผๆไพไปฅไธๆฐๅ่ฝ๏ผ
โจ ๆฐๅขๅ่ฝ
๐ ๅฎๆด็ๅ้ฆ API
- ๅๅปบไผ่ฏ:
POST /api/feedback/create- ๅๅปบๆฐ็ๅ้ฆไผ่ฏ - ่ทๅ็ถๆ:
GET /api/feedback/{sessionId}/status- ๆฅ่ฏขไผ่ฏ็ถๆ - ๆไบคๅ้ฆ:
POST /api/feedback/{sessionId}/submit- ๆไบค็จๆทๅ้ฆ - ่ทๅ็ปๆ:
GET /api/feedback/{sessionId}/result- ่ทๅๅ้ฆ็ปๆ
๐จ ๅๅบๅผ Web ็้ข
- ๅ้ฆ้กต้ข:
GET /feedback/{sessionId}- ็จๆทๅๅฅฝ็ๅ้ฆ็้ข - ไธป้ขๆฏๆ: ๆฏๆๆๆไธป้ขๅๆข (
?theme=dark|light) - ๅค่ฏญ่จ: ๆฏๆไธญ่ฑๆๅๆข (
?lang=zh|en) - ๅๅบๅผ่ฎพ่ฎก: ้้ ๆก้ขๅ็งปๅจ่ฎพๅค
โก WebSocket ๅฎๆถ้ไฟก
- ๅฎๆถ็ถๆๆดๆฐ: ไผ่ฏ็ถๆๅๅๆถ่ชๅจๆจ้
- ๅค็ซฏๅๆญฅ: ๆฏๆๅคไธชๅฎขๆท็ซฏๅๆถ็ๅฌ
- App ้ๆ: ๆฏๆ็งปๅจๅบ็จๅ Web ๅบ็จ่ฟๆฅ
๐ ๏ธ ๅขๅผบ็ MCP ๅทฅๅ ท
- interactive_feedback: ๅๅปบๅ้ฆไผ่ฏ
- get_feedback_result: ่ทๅๅ้ฆ็ปๆ
- check_feedback_status: ๆฃๆฅไผ่ฏ็ถๆ
๐ ไฝฟ็จ็คบไพ
1. ้่ฟ MCP ๅทฅๅ ทๅๅปบๅ้ฆไผ่ฏ
// ๅจ Claude Desktop ๆๅ
ถไป MCP ๅฎขๆท็ซฏไธญไฝฟ็จ
{
"tool": "interactive_feedback",
"arguments": {
"message": "่ฏทๅฏนๆไปฌ็ๆๅก่ฟ่ก่ฏไปท",
"predefinedOptions": ["้ๅธธๆปกๆ", "ๆปกๆ", "ไธ่ฌ", "ไธๆปกๆ"],
"timeout": 600,
"metadata": {
"source": "customer-service",
"category": "satisfaction-survey"
}
}
}
2. ้่ฟ API ๅๅปบๅ้ฆไผ่ฏ
curl -X POST https://your-worker.workers.dev/api/feedback/create \
-H "Authorization: Bearer your-jwt-token" \
-H "Content-Type: application/json" \
-d '{
"message": "่ฏท้ๆฉๆจๅๆฌข็ๅ่ฝ",
"predefinedOptions": ["ๅ่ฝA", "ๅ่ฝB", "ๅ่ฝC"],
"timeout": 300
}'
3. ็จๆท่ฎฟ้ฎๅ้ฆ็้ข
็จๆท่ฎฟ้ฎ่ฟๅ็ feedbackUrl๏ผไพๅฆ๏ผ
https://your-worker.workers.dev/feedback/123e4567-e89b-12d3-a456-426614174000?theme=dark&lang=zh
4. ่ทๅๅ้ฆ็ปๆ
curl -H "Authorization: Bearer your-jwt-token" \
https://your-worker.workers.dev/api/feedback/123e4567-e89b-12d3-a456-426614174000/result
5. WebSocket ๅฎๆถ็ๅฌ
const ws = new WebSocket('wss://your-worker.workers.dev/ws/123e4567-e89b-12d3-a456-426614174000?apiKey=your-api-key&clientType=web');
ws.onmessage = (event) => {
const message = JSON.parse(event.data);
console.log('ๆถๅฐๆถๆฏ:', message);
switch (message.type) {
case 'connection_established':
console.log('่ฟๆฅๅทฒๅปบ็ซ');
break;
case 'session_status_changed':
console.log('็ถๆๅๅ:', message.data);
break;
case 'feedback_submitted':
console.log('ๅ้ฆๅทฒๆไบค:', message.data);
break;
}
};
๐งช ๆต่ฏ
่ฟ่กๅฎๆด็ๆต่ฏๅฅไปถ๏ผ
# ๅฎ่ฃ
ๆต่ฏไพ่ต
npm install
# ่ฟ่กๆต่ฏ
node test/interactive-feedback-tests.js
ๆต่ฏๅ ๆฌ๏ผ
- โ ๅฅๅบทๆฃๆฅ
- โ ๅๅปบๅ้ฆไผ่ฏ
- โ ่ทๅไผ่ฏ็ถๆ
- โ ๆไบคๅ้ฆ
- โ ่ทๅๅ้ฆ็ปๆ
- โ ๅ้ฆ็้ข่ฎฟ้ฎ
- โ WebSocket ่ฟๆฅ
๐ง ้ ็ฝฎ้้กน
็ฏๅขๅ้
| ๅ้ | ๆ่ฟฐ | ้ป่ฎคๅผ |
|---|---|---|
JWT_SECRET | JWT ไปค็ๅฏ้ฅ | ๅฟ ้ |
OAUTH_KV | KV ๅญๅจ็ปๅฎ | ๅฟ ้ |
ไผ่ฏ้ ็ฝฎ
- ้ป่ฎค่ถ ๆถ: 300 ็ง (5 ๅ้)
- ๆๅคง่ถ ๆถ: 3600 ็ง (1 ๅฐๆถ)
- ๆๅคงๆถๆฏ้ฟๅบฆ: 1000 ๅญ็ฌฆ
- ๆๅคง้้กนๆฐ้: 10 ไธช
- ๆๅคง้้กน้ฟๅบฆ: 100 ๅญ็ฌฆ
๐๏ธ ๆถๆ่ฏดๆ
โโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโ
โ MCP Client โ โ Web Browser โ โ Mobile App โ
โ (Claude etc.) โ โ โ โ โ
โโโโโโโโโโโฌโโโโโโโโ โโโโโโโโโโโฌโโโโโโโโ โโโโโโโโโโโฌโโโโโโโโ
โ โ โ
โ JWT Auth โ No Auth โ WebSocket
โ โ โ
โผ โผ โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Cloudflare Worker โ
โ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ MCP Handler โ โ API Handler โ โ WebSocket Handler โ โ
โ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ Feedback Service โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโ
โ KV Storage โ
โ (Sessions) โ
โโโโโโโโโโโโโโโโโโโ
๐ API ๆๆกฃ
่ฏฆ็ป็ API ๆๆกฃ่ฏทๅ่ docs/api-design.md ๆไปถใ
๐ ็ๆฌๅๅฒ
-
v2.0.0: ๅฎๆด็ไบคไบๅผๅ้ฆ็ณป็ป
- ๆฐๅข RESTful API
- ๅๅบๅผ Web ็้ข
- WebSocket ๅฎๆถ้ไฟก
- ๅขๅผบ็ MCP ๅทฅๅ ท
- ๅฎๆด็ๆต่ฏๅฅไปถ
-
v1.0.0: ๅบ็ก MCP ๆๅกๅจ
- JWT ่ฎค่ฏ
- ๅบ็กๅ้ฆๅทฅๅ ท
- KV ๅญๅจ