
mcpauth – Self-Hosted OAuth 2.0 Server for MCP

Self-host your own OAuth 2.0 server for MCP clients like ChatGPT. mcpauth supports Next.js, Express, Prisma, and Drizzle — no vendor lock-in.


TL;DR

mcpauth is an open-source OAuth 2.0 server you self-host to add MCP-compliant authentication to your AI tools — works with Next.js, Express, Prisma, and Drizzle.


What Is mcpauth?

mcpauth is a self-hostable OAuth 2.0 server purpose-built for the Model Context Protocol (MCP). It lets you add MCP-compliant authentication to your MCP applications without relying on a third-party authorization server.

From the README:

“A full-featured, self-hostable OAuth 2.0 server designed for the Modern AI-era and the Model-Context-Protocol (MCP).”

The key problem it solves: MCP clients like OpenAI’s ChatGPT require OAuth 2.0 for authenticating users and authorizing access to tools. Most OAuth providers are third-party services with their own hosting, pricing, and data policies. mcpauth flips that — you run the server yourself, your data stays on your infrastructure.

Supported stacks

| Type | Supported |
|------|-----------|
| Framework | Next.js, Express |
| Database | Prisma, Drizzle |

Setup Workflow

Prerequisites

  • Node.js 18+ and npm/pnpm
  • A supported framework (Next.js or Express)
  • A supported database (Prisma or Drizzle)

Step 1: Install the package

npm install @mcpauth/auth
# or
pnpm add @mcpauth/auth

Step 2: Configure the adapter

Set up your framework adapter and database store. For Next.js with Prisma:

import { Mcpauth } from '@mcpauth/auth';
import { PrismaStore } from '@mcpauth/store-prisma';
import { NextjsAdapter } from '@mcpauth/adapter-nextjs';

const mcpauth = new Mcpauth({
  adapter: new NextjsAdapter({
    // your Next.js config
  }),
  store: new PrismaStore({
    // your Prisma client instance
  }),
});

Step 3: Integrate authenticateUser

The core function authenticateUser bridges your existing auth system to the OAuth flow:

authenticateUser: async (request: Request) => {
  // Grab the user's existing session from a cookie
  const session = await getSession(request, authConfig);
  // Return the user object if authenticated, or null if not
  return (session?.user as OAuthUser) ?? null;
},

This means you do not need to rebuild your authentication stack — plug in any existing session, cookie, or token validation logic.
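The OAuth flow acts on whatever authenticateUser returns, so the hook should return null for anything it cannot verify. The block below is an added example in plain JavaScript, not code from mcpauth or its README. The cookie name, the in-memory session store, the helper names and the nowMs test-clock parameter are all assumptions made for illustration.

```javascript
// Added example: a fail-closed authenticateUser. Every name except
// authenticateUser is hypothetical; the session records are constructed.
const SESSION_COOKIE = 'sid'; // assumed cookie name

// Constructed server-side session store: opaque id -> session record.
// expiresAt is in milliseconds on a small constructed clock.
const sessions = new Map([
  ['a1b2c3', { user: { id: 'u-1', email: 'alice@example.test' }, expiresAt: 2_000_000 }],
  ['d4e5f6', { user: { id: 'u-2', email: 'bob@example.test' }, expiresAt: 1_000 }],
]);

// Return every value sent for `name`. More than one value means the
// client sent conflicting cookies, which is treated as unauthenticated.
function cookieValues(header, name) {
  return String(header || '')
    .split(';')
    .map((part) => part.trim())
    .filter((part) => part.startsWith(name + '='))
    .map((part) => part.slice(name.length + 1));
}

// Synchronous core: cookie header in, minimal user object or null out.
function resolveSessionUser(cookieHeader, nowMs) {
  const values = cookieValues(cookieHeader, SESSION_COOKIE);
  if (values.length !== 1 || !/^[A-Za-z0-9_-]{6,128}$/.test(values[0])) return null;
  const session = sessions.get(values[0]);
  if (!session || !session.user || typeof session.user.id !== 'string') return null;
  if (!Number.isFinite(session.expiresAt) || session.expiresAt <= nowMs) return null;
  // Hand the OAuth layer only the fields it needs, not the whole session.
  return { id: session.user.id, email: session.user.email };
}

// Same shape as the hook in Step 3: any error becomes "not authenticated".
async function authenticateUser(request, nowMs = Date.now()) {
  try {
    return resolveSessionUser(request.headers.get('cookie'), nowMs);
  } catch {
    return null;
  }
}
```

In a real deployment the Map would be replaced by the lookup your existing session system already performs; the checks around it stay the same.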

Step 4: Connect to an MCP client

After deploying your mcpauth server, point your MCP client (e.g. ChatGPT Custom Connector) to your self-hosted authorization endpoint. The server handles token issuance, refresh, and validation automatically.

ChatGPT Deep Research Connectors

A notable use case is ChatGPT’s Deep Research Custom Connector feature. OpenAI’s connector system requires an OAuth 2.0 server, and mcpauth is one of the few open-source options purpose-built for this integration. The README notes a known UX issue — after adding a new custom connector, you may see a “This connector does not implement our schema” error, which typically resolves on page refresh.

Why Self-Hosted OAuth for MCP?

  1. Data sovereignty — no LLM provider or third party sees your authentication traffic
  2. No vendor lock-in — swap out any component (framework, database) independently
  3. Compliance — useful for enterprise or regulated environments where auth must stay internal
  4. Flexibility: authenticateUser accepts any auth logic, not just a specific session system

FAQ

Q: Does mcpauth work with MCP servers other than ChatGPT?
A: Yes. Any MCP client or server that implements the OAuth 2.0 flow can use mcpauth as the authorization provider.

Q: Can I use a database I already have (not Prisma or Drizzle)?
A: Currently only Prisma and Drizzle are supported as database stores. Support for other ORMs or direct SQL can be requested via a GitHub issue.

Q: Is there a hosted/managed version of mcpauth?
A: No — mcpauth is fully self-hosted. You deploy it on your own infrastructure.

Q: What happens if I forget my OAuth client credentials?
A: Credentials are managed in your own database through the store adapter. There is no default recovery through mcpauth — keep your credentials in a secrets manager.

Conclusion

mcpauth fills a real gap in the MCP ecosystem: a self-contained, open-source OAuth 2.0 server that stays on your infrastructure. If you are building MCP tools and need authentication without handing off control to a third-party provider, it is worth a look.

Try the live demo or read the docs to see if it fits your stack.