mcp-entra-auth-proxy

[](https://www.npmjs.com/package/mcp-entra-auth-proxy) [](https://www.npmjs.com/package/mcp-entra-auth-proxy) [](./LICENSE)

> Workaround solution. This proxy exists because most MCP clients do not yet natively support Microsoft Entra ID authentication. If your MCP client supports Entra ID auth natively, prefer using its built-in authentication flow instead of this proxy.

Local stdio MCP proxy that forwards requests to a remote MCP server, authenticating via Microsoft Entra ID tokens from the az CLI.

Use it to connect any MCP-compatible AI client (VS Code Copilot, Claude Code, OpenCode, Cursor, etc.) to a remote Microsoft Entra ID-protected MCP server — without embedding credentials in the client config.

+--------------+          +----------------------+          +--------------+
|  AI Client   |  stdio   | mcp-entra-auth-proxy | HTTP(S)  | Remote MCP   |
| (VS Code,    |<-------->|       (local)        |<-------->| Server       |
|  Claude, ..) |          |                      | + Bearer | (Entra ID    |
|              |          |                      |   token  |  protected)  |
+--------------+          +----------------------+          +--------------+

1. Your AI client spawns mcp-entra-auth-proxy as a local stdio MCP server
2. The proxy acquires a Microsoft Entra ID token via az account get-access-token
3. All MCP requests (tools, resources, prompts) are forwarded to the remote server with the Bearer token
4. Tokens are refreshed proactively before they expire

• Node.js >= 18
• Azure CLI (az) installed and logged in

az login

The Azure CLI (`az