playbooks

home / mcp / clerk mcp server

Clerk MCP Server

Provides a remote MCP server with Clerk OAuth for authentication and RBAC-controlled tools.

Installation
Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "codewithpassion-cf-mcp-server-clerk": {
      "url": "https://mcp-clerk-oauth.<your-subdomain>.workers.dev/mcp",
      "headers": {
        "CLERK_CLIENT_ID": "ca_ABC123...",
        "CLERK_SECRET_KEY": "sk_live_...",
        "CLERK_FRONTEND_API": "https://your-subdomain.clerk.accounts.dev",
        "CLERK_CLIENT_SECRET": "sk_live_...",
        "COOKIE_ENCRYPTION_KEY": "a1b2c3d4e5f607081112131415161718"
      }
    }
  }
}

This MCP server enables remote connections via Clerk OAuth, letting users sign in to your server and access a suite of tools securely. It runs on Cloudflare Workers, acting as both an OAuth server for MCP clients and a client to Clerk for authentication, making it simple to deploy and test auth-backed MCP workflows.

How to use

You connect to your remote MCP server from an MCP client or development tool. After signing in with Clerk, you gain access to core tools for your authenticated users. The server enforces access control so basic tools are available to all authenticated users, while sensitive tools are gated by roles defined in Clerk.

How to install

Prerequisites you need on your machine before starting:

• Node.js installed on your system (recommended LTS version)

• Wrangler CLI installed if you plan to deploy to Cloudflare Workers

Step-by-step setup and run

# Create the MCP server project with a Clerk OAuth template
npm create cloudflare@latest -- my-mcp-server --template=cloudflare/ai/demos/remote-mcp-clerk-oauth

If you prefer to start locally for development, you can run the server in development mode after configuring Clerk credentials.

npm run dev  # or: wrangler dev

To deploy to Cloudflare Workers, you will need to set up Secrets and a KV namespace. The following steps outline the configuration steps you will run in your terminal.

Access and authentication flow

The server uses Clerk OAuth to authenticate users. You will create a Clerk application, obtain a client ID and secret, and provide a front-end API URL. During deployment, set secrets so the MCP server can complete the OAuth flow and issue tokens to clients.

Access the remote MCP server from Claude Desktop

In Claude Desktop, update the MCP server configuration to point to your remote endpoint and authorize the OAuth flow. After you start Claude and complete the login flow, Claude will expose your MCP tools for use.

For Local Development

In Clerk Dashboard, update your OAuth application's redirect URI to http://localhost:8788/callback. Copy the example environment values to a local .env file and start the server in development mode.

Available tools

add

Add a number or data to the MCP workspace using the available tools.

userInfo

Fetch information about the currently authenticated user.

generateImage

Generate an image using the server’s image generation tool. Access is restricted to specified roles via RBAC.