Summary
FirneyGroup/mcp-broker is an OAuth token broker + reverse proxy for remote MCP
connections (HTTP/1.1, port 8002). It stores OAuth tokens for upstream SaaS (Notion, Slack,
Google, HubSpot) and forwards MCP calls to them, so AI clients never handle raw tokens.
Key points
- Two inbound auth modes: header (
X-Broker-Key+X-App-Id) for internal callers, and inbound OAuth 2.1 (dynamic client registration) for remote clients like claude.ai. - Multi-connector: each connector is its own MCP endpoint at
/proxy/<name>; the OAuth resource is bound to that path. Connecting a client to the bare root yieldserror=invalid_target— use/proxy/notion_api. - Config:
settings.yaml(connectors, clients, oauth) +.env(secrets); runs via Docker.
Details
Operators connect upstream providers once via browser OAuth; tokens are encrypted at rest
(Fernet). The broker's public_url must match the externally-reachable base for OAuth
callbacks to work.
Related
Sources
Compiled from
wiki/concepts/Firney-MCP-Broker.md · git is the source of truth