Dify logo
Dify logo
Marketplace
app icon
MCP Auth Relay
0.0.4

Relay remote MCP tools with per-user OAuth, callback handling, and tool discovery for Dify.

kazuya-awano/mcp-auth-relay493 installs
Install

MCP Auth Relay

MCP Auth Relay lets Dify use remote MCP servers through three tools and two endpoints. It stores OAuth tokens per user, receives the OAuth callback inside the plugin, and exposes MCP tools through a stable Dify wrapper.

Author: kazuya-awano
Github Repository: https://github.com/kazuya-awano/mcp-auth-relay

Features

  • : lists MCP tools and returns values in format
  • : executes an MCP tool by with JSON input
  • : returns current auth status and login URL per server, with optional forced re-auth URL issuance
  • : exchanges OAuth authorization code for access token
  • : clears stored tokens and cached tool lists
  • Per-user token storage
  • Per-server tool list cache
  • Optional OAuth metadata discovery and DCR support

Configure In Dify

  1. Install the plugin in Dify.
  2. Open the installed plugin and publish the callback endpoint.
  3. Copy the issued callback URL for .
  4. Open the provider settings for .
  5. Build with the issued callback URL in each server's .
  6. Optionally set .
  7. In your Agent or Workflow, add , , and .

Step 1: Install

Install as a plugin in your Dify environment.

Step 2: Publish the endpoint

After installation, publish the plugin endpoint for . Dify will issue a URL similar to:

Use this exact issued URL as in your MCP server JSON and in the upstream OAuth client settings if the identity provider requires pre-registered redirect URIs.

Step 3: Configure

Set in the provider settings. The same issued callback URL can be reused across multiple MCP servers if that is how you want to manage the relay.

Example:

Notes:

  • should explain what each server is for. The model uses it to decide which server to inspect.
  • must be the issued callback endpoint URL from Dify.
  • and can be omitted when the MCP server exposes OAuth metadata.
  • Public/DCR clients are supported when the upstream server allows them.

Step 4: Add tools to the Agent

Add these tools to the Agent or Workflow:

is used to branch workflow logic by current auth state and login URL. discovers available MCP tools. executes the selected MCP tool by .

Usage Flow

  1. Call first.
  2. If any server status is , open and complete sign-in.
  3. Optionally set when you need account switching and a fresh login URL.
  4. Call .
  5. Call with the returned and input JSON.

Example input:

Example input:

Example input:

Endpoints

  • : OAuth callback endpoint used by upstream identity providers
  • : deletes stored tokens and cached tool lists; optional query limits deletion to one server

License

Apache-2.0

CATEGORY
Tool
TAGS
UTILITIES
VERSION
0.0.4
kazuya-awano·03/24/2026 07:13 AM
REPOSITORY
https://github.com/kazuya-awano/mcp-auth-relay
REQUIREMENTS
Endpoint registration
Maximum memory
256MB
Maximum storage
1MB