EPortman-Ping/remote-mcp-pingone

CF Workers MCP Server + PingOne. MCP Server uses workers-oauth-provider library with PingOne as an upstream IdP.

Model Context Protocol (MCP) Server + PingOne

This is a Model Context Protocol (MCP) server that supports remote MCP connections, with PingOne built-in.

The MCP server (powered by Cloudflare Workers):

  • Acts as OAuth Server to your MCP clients
  • Acts as OIDC Client to your PingOne environment

Warning

This is a demo template designed to help you get started quickly. While we have implemented several security controls, you must implement all preventive and defense-in-depth security measures before deploying to production. Please review our comprehensive security guide: Securing MCP Servers

Getting Started

This demo shows how an MCP server can securely call a protected API on behalf of an end user. To begin:

  1. Deploy the Todo API.
  2. Deploy either the OIDC MCP server (for Cloudflare-managed consent) or the DaVinci OIDC MCP Server (for PingOne DaVinci-managed consent).

Note

The API used here could be any PingOne-secured API. We use a Cloudflare Workers API for this example, but the goal is to demonstrate how any API can be connected to an MCP server using this architecture.

Access the remote MCP server from the Cloudflare Workers AI LLM Playground

Navigate to https://playground.ai.cloudflare.com and connect to your MCP server using the following URL pattern:

https://remote-mcp-pingone(-dv).<your-subdomain>.workers.dev/mcp

[Screenshot: MCP server demo with the Workers AI playground]

Access the remote MCP server from Claude Desktop

Open Claude Desktop and navigate to Settings -> Developer -> Edit Config. This opens the configuration file that controls which MCP servers Claude can access.

Replace the content with the following configuration. Once you restart Claude Desktop, a browser window will open showing your OAuth login page. Complete the authentication flow to grant Claude access to your MCP server. After you grant access, the tools will become available for you to use.

{
  "mcpServers": {
    "todo-mcp": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "https://remote-mcp-pingone(-dv).<your-subdomain>.workers.dev/mcp"
      ]
    }
  }
}

Once the Tools (under 🔨) show up in the interface, you can ask Claude to use them. For example: "Could you tell me what is in my Todo list?". Claude should invoke the tool and show the result generated by the MCP server.

How does it work?

This architecture bridges the stateless nature of Cloudflare Workers with the stateful requirements of an authenticated MCP session.

OAuth Provider (The Identity Broker)

The OAuth provider library implements a compliant OAuth 2.1 server directly within your Cloudflare worker. It acts as the security gateway, performing a dual role:

  • OAuth Server: It manages the immediate relationship with the MCP client, handling registration and issuing session tokens.
  • OIDC Client: It orchestrates the upstream federation with PingOne, exchanging authorization codes for the access tokens needed to call protected APIs.

Cloudflare Agents (State & Transport)

The MCP server extends the McpAgent class, which automatically wraps the MCP logic in a Durable Object. This handles the complex infrastructure requirements:

  • Session Persistence: It creates a dedicated, isolated environment for each MCP connection and securely persists the PingOne tokens in the durable object's storage (this.props).
  • Streamable HTTP: The agent automatically handles the network transport layer. It accepts standard HTTP requests from MCP clients and routes them to MCP tools in the correct durable object.

MCP SDK (Tool Logic)

The official @modelcontextprotocol/sdk is used to define the actual capabilities of the MCP server. Inside the agent, an McpServer instance:

  • Handles Protocol: Manages the serialization of JSON-RPC messages and tool definitions.
  • Enables Streaming: Implements Streamable HTTP to support real-time, bi-directional communication over a single endpoint.
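The three layers described above (the OAuth broker with its dual role, per-session state standing in for this.props, and JSON-RPC tool dispatch) as one added, self-contained Python model. This is not the project's TypeScript code and uses none of its libraries: a stand-in PingOne that issues single-use codes and access tokens, a stand-in Todo API that trusts only PingOne tokens, and a broker class that registers MCP clients, checks redirect URIs and PKCE (S256), keeps the upstream token in per-session state, and serves a tools/call request. Every name, the redirect URI, the todo data and the -32001 error code are constructed for the example, and the /authorize and /callback requests are collapsed into one method.

```python
import base64
import hashlib
import json
import secrets


def s256(code_verifier: str) -> str:  # PKCE S256: base64url(SHA-256(verifier)), no padding
    digest = hashlib.sha256(code_verifier.encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def rejected(fn, *args) -> bool:  # True if the call is refused with one of the errors raised below
    try:
        fn(*args)
        return False
    except (ValueError, KeyError, PermissionError):
        return True


class PingOneSim:
    """Stand-in for the upstream IdP (constructed): single-use code -> access token."""
    def __init__(self) -> None:
        self.codes: dict[str, str] = {}   # authorization code -> subject
        self.issued: dict[str, str] = {}  # access token -> subject

    def authorize(self, subject: str) -> str:
        code = secrets.token_urlsafe(16)
        self.codes[code] = subject
        return code

    def token(self, code: str) -> dict:
        subject = self.codes.pop(code)  # KeyError on replay
        token = "upstream-" + secrets.token_urlsafe(12)
        self.issued[token] = subject
        return {"access_token": token, "sub": subject}


def todo_api(idp: PingOneSim, bearer: str) -> list[str]:
    """Stand-in for the protected Todo API (constructed): trusts PingOne tokens only."""
    subject = idp.issued.get(bearer)
    if subject is None:
        raise PermissionError("not a PingOne access token")
    return {"alice": ["buy milk", "rotate keys"]}.get(subject, [])


class McpOAuthBroker:
    """The Worker: OAuth 2.1 server towards MCP clients, OIDC client towards PingOne."""
    def __init__(self, idp: PingOneSim) -> None:
        self.idp = idp
        self.clients: dict[str, str] = {}    # client_id -> registered redirect_uri
        self.codes: dict[str, dict] = {}     # broker code -> client_id, challenge, props
        self.sessions: dict[str, dict] = {}  # broker token -> props (models this.props)

    def register(self, redirect_uri: str) -> str:  # dynamic client registration
        client_id = secrets.token_urlsafe(8)
        self.clients[client_id] = redirect_uri
        return client_id

    def callback(self, client_id: str, redirect_uri: str, code_challenge: str, upstream_code: str) -> str:
        """/authorize and /callback collapsed into one call: check the client, swap
        PingOne's code for tokens (OIDC-client role), park them, mint our own code."""
        if self.clients.get(client_id) != redirect_uri:
            raise ValueError("unknown client or redirect_uri mismatch")
        up = self.idp.token(upstream_code)
        code = secrets.token_urlsafe(16)
        self.codes[code] = {"client_id": client_id, "challenge": code_challenge,
                            "props": {"sub": up["sub"], "access_token": up["access_token"]}}
        return code

    def token(self, client_id: str, code: str, code_verifier: str) -> str:
        """/token: single-use code plus PKCE check, then an opaque session token."""
        grant = self.codes.pop(code, None)
        if grant is None or grant["client_id"] != client_id:
            raise ValueError("invalid or replayed code")
        if s256(code_verifier) != grant["challenge"]:
            raise ValueError("PKCE verification failed")
        token = "broker-" + secrets.token_urlsafe(24)
        self.sessions[token] = grant["props"]
        return token

    def handle_mcp(self, bearer: str, request: dict) -> dict:
        """/mcp: one JSON-RPC request, routed to the session the bearer token names."""
        rid, props = request.get("id"), self.sessions.get(bearer)
        if props is None:
            return {"jsonrpc": "2.0", "id": rid, "error": {"code": -32001, "message": "unauthorized"}}
        if request.get("method") != "tools/call" or request["params"].get("name") != "list_todos":
            return {"jsonrpc": "2.0", "id": rid, "error": {"code": -32601, "message": "method not found"}}
        todos = todo_api(self.idp, props["access_token"])  # upstream token, never the client's
        return {"jsonrpc": "2.0", "id": rid, "result": {"content": [{"type": "text", "text": json.dumps(todos)}]}}


def run_flow(subject: str = "alice") -> dict:  # drive the whole exchange once
    idp = PingOneSim()
    broker = McpOAuthBroker(idp)
    redirect = "http://localhost:6274/callback"  # constructed MCP-client redirect URI
    client_id = broker.register(redirect)
    verifier = secrets.token_urlsafe(32)
    code = broker.callback(client_id, redirect, s256(verifier), idp.authorize(subject))
    session = broker.token(client_id, code, verifier)
    call = {"jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": {"name": "list_todos"}}
    return {"reply": broker.handle_mcp(session, call), "idp": idp, "broker": broker,
            "client_id": client_id, "code": code, "verifier": verifier, "session": session}
```

Calling run_flow() traces the point of the proxy: the token the MCP client ends up holding (broker-...) is accepted at /mcp and refused by the Todo API, while the PingOne token (upstream-...) never leaves the broker's session state, so the client handles no PingOne credentials and the API's own permission model is untouched. Replaying the broker's code or presenting a wrong PKCE verifier is refused at /token.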

Use Cases & Extensibility

This architecture demonstrates a pattern for connecting AI agents to APIs secured by PingOne. By functioning as an OAuth proxy, the MCP server enables LLMs to interact with services on behalf of an authenticated user, without modifying the downstream API's existing permission models. Whether using the direct Cloudflare consent approach or the DaVinci orchestration flow, this project provides a configuration guide for enabling natural language interactions with enterprise data while maintaining identity-based access controls.
