I Couldn't Find an OAuth 2.1 Proxy for MCP Servers, So I Built One

When I started deploying custom MCP servers to connect to Claude.ai, I hit a wall fast. Claude.ai's custom connector flow requires your MCP server to implement OAuth 2.1 Protected Resource Metadata — specifically RFC 9728 — before it will even attempt to authenticate. No RFC 9728 /.well-known/oauth-protected-resource endpoint? Silent failure. No error. The connector just doesn't work. I went looking for an existing solution. Something that could sit in front of any MCP server, handle the spec compliance, validate JWTs, and get out of the way. Nothing existed. So I built it: mcp-gate. What the Problem Actually Is When Claude.ai connects to a custom MCP server, the flow looks roughly like this: Claude.ai fetches /.well-known/oauth-protected-resource from your server That endpoint must return RFC 9728 metadata pointing to your authorization server Claude.ai negotiates an OAuth 2.1 token with that authorization server Subsequent requests carry a Bearer JWT, which your server must validate