aicoolies logo

workers-oauth-provider

OAuth 2.1 provider framework for Cloudflare Workers

Share
free
Visit Website →

workers-oauth-provider is Cloudflare's official OAuth provider library for Workers. It implements the provider side of the OAuth 2.1 protocol with PKCE support and RFC 8414 compliance. Handles token management automatically via Cloudflare KV storage. Gives fullstack teams a path to implement OAuth at the edge without heavy auth servers. TypeScript-native with npm package available.

Workers OAuth Provider is Cloudflare's official TypeScript library that implements the provider side of the OAuth 2.1 protocol for Cloudflare Workers, designed specifically to add authorization to remote MCP servers and API endpoints. It implements the full suite of specifications required by the MCP authorization standard: OAuth 2.1 with PKCE (draft-ietf-oauth-v2-1-13), Authorization Server Metadata (RFC 8414), Protected Resource Metadata (RFC 9728), Dynamic Client Registration (RFC 7591), and Client ID Metadata Documents. The library wraps around existing Worker code, automatically handling token management, authorization flows, and session validation while passing authenticated user details directly to API handlers.

The library emerged as a critical piece of MCP infrastructure after the Model Context Protocol specification mandated OAuth 2.1 with PKCE for all public remote servers in November 2025. Without it, developers building remote MCP servers on Cloudflare Workers would need to implement the full OAuth 2.1 flow from scratch — a complex and security-sensitive task involving PKCE code challenges, token rotation, and metadata endpoint configuration. The library reduces this to a few lines of configuration, making it practical for individual developers and small teams to deploy authenticated MCP servers. It integrates naturally with Cloudflare's Durable Objects for session storage and KV for token persistence.

Published on npm as @cloudflare/workers-oauth-provider with over 1,700 GitHub stars, the library has become the de facto standard for adding authentication to Cloudflare-hosted MCP servers. The project maintains active development with security-conscious practices — a PKCE bypass vulnerability discovered through responsible disclosure was quickly patched, demonstrating the security scrutiny the library receives. It ships under the MIT license with comprehensive documentation on Cloudflare's developer docs, example implementations, and integration guides for popular identity providers including Stytch, Auth0, and Clerk.

Pricing

Free and open source, MIT licensed

Platforms

Cloudflare Workers, TypeScript

Categories

Tags

Use Cases

Alternatives

Related Tools

KubeAI logo

KubeAI

Kubernetes operator for serving AI inference workloads

KubeAI is an Apache-2.0 Kubernetes operator for deploying and scaling AI inference workloads, including LLMs, embeddings, reranking, and speech-to-text. It gives platform teams OpenAI-compatible endpoints, model proxy/controller primitives, model caching, scale-from-zero behavior, and cluster-native resource management for self-hosted inference on Kubernetes.

open-sourceOpen Source
Freestyle logo

Freestyle

Sandboxes for coding agents — Linux VMs, Git, and deploys in one box

Freestyle is YC-backed sandbox infrastructure built for AI coding agents, shipping secure Linux VMs with nested virtualization, Git servers, and one-click web deploys. It lets agents run real workloads, branch repos, and deploy apps under short-lived identities while billing only for active compute. Used in production by vly.ai, Rork, and Vibeflow.

freemium
OpenSRE logo

OpenSRE

Open-source toolkit for building AI SRE incident response agents

OpenSRE is Tracer Cloud’s open-source public-alpha Python toolkit for building AI SRE agents that investigate and respond to production incidents. It ships 60+ tools across observability, databases, incident management, communications, deployment and protocol integrations, plus simulation/evaluation workflows for benchmarking agent accuracy before live pager use.

open-sourceOpen Source
Twill AI logo

Twill AI

Autonomous coding agents that ship while you sleep

Twill is an autonomous coding agent platform that implements features, fixes bugs, and ships pull requests without manual intervention. Uses structured workflow of research, planning, human review, implementation in isolated sandbox, AI code review, then merge. Supports custom agent configurations with multiple LLM providers, isolated dev environments for verification, and integrations with GitHub, Linear, Sentry, Notion, and cloud platforms for end-to-end engineering automation.

freemium
Baseten logo

Baseten

ML inference platform for production AI models

Baseten is the inference platform for deploying AI models at scale with dedicated and pre-optimized model APIs and performance-optimized infrastructure. Specializes in image generation, transcription, text-to-speech, LLM serving, embeddings, and compound AI workloads. Delivers 75% latency reduction with 415ms cold starts and 3000+ concurrent scaling. Available as managed cloud or self-hosted, trusted by Cursor, Notion, Descript, and Sourcegraph for production inference.

api-usage-based
Resolve AI logo

Resolve AI

AI-powered production incident resolution

Resolve AI automates production incident investigation, diagnosis, and remediation acting as an AI SRE that participates in every on-call rotation. Autonomously investigates incidents pursuing multiple hypotheses in parallel, validates against real evidence, creates code snippets and drafts PRs, generates post-mortems, and onboards new teammates with instant answers about code and infrastructure. Drives 5x faster MTTR and 87% faster incident investigations.

paid