@stackone/mcp-remote
Advanced tools
>Based off this package by @geelen: https://github.com/geelen/mcp-remote
Based off this package by @geelen: https://github.com/geelen/mcp-remote
This adds bearer token auth.
Connect an MCP Client that only supports local (stdio) servers to a Remote MCP Server, with auth support:
Note: this is a working proof-of-concept but should be considered experimental.
So far, the majority of MCP servers in the wild are installed locally, using the stdio transport. This has some benefits: both the client and the server can implicitly trust each other as the user has granted them both permission to run. Adding secrets like API keys can be done using environment variables and never leave your machine. And building on npx and uvx has allowed users to avoid explicit install steps, too.
But there's a reason most software that could be moved to the web did get moved to the web: it's so much easier to find and fix bugs & iterate on new features when you can push updates to all your users with a single deploy.
With the MCP Authorization specification nearing completion, we now have a secure way of sharing our MCP servers with the world without running code on user's laptops. Or at least, you would, if all the popular MCP clients supported it yet. Most are stdio-only, and those that do support HTTP+SSE don't yet support the OAuth flows required.
That's where mcp-remote comes in. As soon as your chosen MCP client supports remote, authorized servers, you can remove it. Until that time, drop in this one liner and dress for the MCP clients you want!
All the most popular MCP clients (Claude Desktop, Cursor & Windsurf) use the following config format:
{
"mcpServers": {
"remote-example": {
"command": "npx",
"args": ["mcp-remote", "https://remote.mcp.server/sse"]
}
}
}
mcp-remote supports two authentication methods:
To use bearer token authentication, add the --bearer flag followed by your token:
{
"mcpServers": {
"remote-example": {
"command": "npx",
"args": [
"mcp-remote",
"--bearer",
"your-bearer-token",
"https://remote.mcp.server/sse"
]
}
}
}
npx is producing errors, consider adding -y as the first argument to auto-accept the installation of the mcp-remote package. "command": "npx",
"args": [
"-y",
"mcp-remote",
"https://remote.mcp.server/sse"
]
npx to always check for an updated version of mcp-remote, add the @latest flag: "args": [
"mcp-remote@latest",
"https://remote.mcp.server/sse"
]
mcp-remote to ignore any existing access tokens and begin the authorization flow anew, pass --clean. "args": [
"mcp-remote",
"https://remote.mcp.server/sse",
"--clean"
]
mcp-remote listens for an OAuth redirect (by default 3334), add an additional argument after the server URL. Note that whatever port you specify, if it is unavailable an open port will be chosen at random. "args": [
"mcp-remote",
"https://remote.mcp.server/sse",
"9696"
]
In order to add an MCP server to Claude Desktop you need to edit the configuration file located at:
~/Library/Application Support/Claude/claude_desktop_config.json%APPDATA%\Claude\claude_desktop_config.jsonIf it does not exist yet, you may need to enable it under Settings > Developer.
Restart Claude Desktop to pick up the changes in the configuration file. Upon restarting, you should see a hammer icon in the bottom right corner of the input box.
Official Docs. The configuration file is located at ~/.cursor/mcp.json.
As of version 0.48.0, Cursor supports unauthed SSE servers directly. If your MCP server is using the official MCP OAuth authorization protocol, you still need to add a "command" server and call mcp-remote.
Official Docs. The configuration file is located at ~/.codeium/windsurf/mcp_config.json.
~/.mcp-auth directorymcp-remote stores OAuth credential information inside ~/.mcp-auth (or wherever your MCP_REMOTE_CONFIG_DIR points to). If you're having persistent issues with OAuth authentication, try running:
rm -rf ~/.mcp-auth
Then restarting your MCP client. Note: This is not necessary when using bearer token authentication.
Make sure that the version of Node you have installed is 18 or higher. Claude Desktop will use your system version of Node, even if you have a newer version installed elsewhere.
When modifying claude_desktop_config.json it can helpful to completely restart Claude
You may run into issues if you are behind a VPN, you can try setting the NODE_EXTRA_CA_CERTS
environment variable to point to the CA certificate file. If using claude_desktop_config.json,
this might look like:
{
"mcpServers": {
"remote-example": {
"command": "npx",
"args": ["mcp-remote", "https://remote.mcp.server/sse"],
"env": {
"NODE_EXTRA_CA_CERTS": "{your CA certificate file path}.pem"
}
}
}
}
tail -n 20 -F ~/Library/Logs/Claude/mcp*.logtail -n 20 -f "C:\Users\YourUsername\AppData\Local\Claude\Logs\mcp.log"Get-Content "C:\Users\YourUsername\AppData\Local\Claude\Logs\mcp.log" -Wait -Tail 20If using OAuth authentication and you encounter the following error, returned by the /callback URL:
Authentication Error
Token exchange failed: HTTP 400
You can run rm -rf ~/.mcp-auth to clear any locally stored state and tokens.
If using bearer token authentication and you encounter authentication errors, verify that:
Run the following on the command line (not from an MCP server):
# Using OAuth authentication
npx -p mcp-remote@latest mcp-remote-client https://remote.mcp.server/sse
# Using bearer token authentication
npx -p mcp-remote@latest mcp-remote-client --bearer your-token https://remote.mcp.server/sse
This will attempt to connect to the remote URL and list the tools & resources. For OAuth authentication, pair this with --clean or after running rm -rf ~/.mcp-auth to see if stale credentials are your problem. The logs should help identify any authentication or connection issues.
FAQs
Please use this package by @geelen: https://github.com/geelen/mcp-remote
The npm package @stackone/mcp-remote receives a total of 5 weekly downloads. As such, @stackone/mcp-remote popularity was classified as not popular.
We found that @stackone/mcp-remote demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
TrapDoor crypto stealer hits 36 malicious packages across npm, PyPI, and Crates.io, targeting crypto, DeFi, AI, and security developers.
Research
/Security News
Laravel Lang packages were compromised with an RCE backdoor across hundreds of versions, exposing cloud, CI/CD, and developer secrets.
Security News
Socket found a malicious postinstall hook across 700+ GitHub repos, including PHP packages on Packagist and Node.js project repositories.