Concept

Firney MCP Broker

type conceptstatus activemcp · oauth · broker · notion

Summary

FirneyGroup/mcp-broker is an OAuth token broker + reverse proxy for remote MCP connections (HTTP/1.1, port 8002). It stores OAuth tokens for upstream SaaS (Notion, Slack, Google, HubSpot) and forwards MCP calls to them, so AI clients never handle raw tokens.

Key points

  • Two inbound auth modes: header (X-Broker-Key + X-App-Id) for internal callers, and inbound OAuth 2.1 (dynamic client registration) for remote clients like claude.ai.
  • Multi-connector: each connector is its own MCP endpoint at /proxy/<name>; the OAuth resource is bound to that path. Connecting a client to the bare root yields error=invalid_target — use /proxy/notion_api.
  • Config: settings.yaml (connectors, clients, oauth) + .env (secrets); runs via Docker.

Details

Operators connect upstream providers once via browser OAuth; tokens are encrypted at rest (Fernet). The broker's public_url must match the externally-reachable base for OAuth callbacks to work.

Sources

Compiled from wiki/concepts/Firney-MCP-Broker.md · git is the source of truth