MCP supports authentication via OAuth2, which is what we use here. For the most part, this means that a browser window is opened and the user can sign in with their GitHub or Google account. The access token is verified by us and passed to the upstream MCP server.
We'd love to allow orgs to bring their own IdP but there is some refactoring we still have to do for this.
We hear you… There is always a trade-off between analytics and user privacy. We believe that open-source solutions are the way to go in this space, however no implementation is going to suit every use-case.
Nice project! The install instructions generator looks a lot like the one Alpic built: https://mcp-install-instructions.alpic.cloud/
Indeed, they are really pretty similar, but ours is actually also Open Source: https://github.com/hyprmcp/mcp-install-instructions-generato...
How does auth work in practice? What’s the login process from the user’s PoV?
MCP supports authentication via OAuth2, which is what we use here. For the most part, this means that a browser window is opened and the user can sign in with their GitHub or Google account. The access token is verified by us and passed to the upstream MCP server.
We'd love to allow orgs to bring their own IdP but there is some refactoring we still have to do for this.
I would be extremely cautious about what you log from LLMs in a cloud MCP server, who you make those logs available to, data retention policies, etc.
They are going to be a PII landmine.
We hear you… There is always a trade-off between analytics and user privacy. We believe that open-source solutions are the way to go in this space, however no implementation is going to suit every use-case.