Identity for AI

Secure a Cloudflare Workers MCP server with PingFederate

The Cloudflare Workers Model Context Protocol (MCP) server functions as a resource server within the OAuth architecture. It validates incoming requests and facilitates token exchange, ensuring secure communication between the MCP client and downstream APIs.

This tutorial uses the remote-mcp-ping-federate directory in the Ping Identity cloudflare-mcp Git repository.

This tutorial is designed to help you get started quickly. Although we have implemented several security controls, you must implement all preventive and defense-in-depth security measures before deploying to production. Learn more in Security Best Practices in the MCP documentation.

How does it work?

This architecture bridges the stateless nature of Cloudflare Workers with the stateful requirements of an authenticated MCP session.

Authentication and client bootstrapping

When an unregistered MCP client tries to connect to the MCP server without a token, the server provides the necessary details for the client to perform Dynamic Client Registration (DCR). This allows the client to handle the user login and consent with PingFederate automatically, provisioning the tokens required to both connect to the MCP server and for the MCP server to execute delegated token exchanges.

This implementation utilizes DCR to handle client onboarding.

Although the MCP protocol recommends Client ID Metadata Document (CIMD) as the new standard, DCR remains the only production-ready option currently supported by enterprise identity providers (IdPs) like PingFederate.

Future versions of this architecture might transition to CIMD as support becomes available.

Cloudflare agents (state and transport)

The MCP server extends the McpAgent class, which automatically wraps the MCP logic in a durable object. This handles the following infrastructure requirements:

Session persistence

It creates a dedicated, isolated environment for each MCP connection and securely persists the PingFederate tokens in the durable object’s storage (this.props).

Network transport

The agent manages the raw HTTP connection. It accepts incoming requests and keeps the response open as a Server-Sent Events (SSE) stream, enabling the durable object to push real-time updates back to the client over the single endpoint.

MCP SDK (tool logic)

The official @modelcontextprotocol/sdk is used to define the actual capabilities of the MCP server. Inside the agent is an McpServer instance that manages the serialization of JSON-RPC messages and tool definitions.

Before you begin

  1. Deploy the Todo API.

  2. Deploy the MCP server.

You can use any PingFederate-secured API. This tutorial uses a Cloudflare Workers API, but you can connect any API to an MCP server with this architecture.

Tasks

  1. Access the remote MCP server from the Cloudflare Workers AI LLM Playground.

    1. Go to https://playground.ai.cloudflare.com.

    2. Connect to your MCP server using the following URL pattern:

      https://remote-mcp-ping-federate.<your-subdomain>.workers.dev/mcp

  2. Access the remote MCP server from Claude Desktop.

    1. Open Claude Desktop and go to Settings > Developer > Edit Config.

      This opens the configuration file that controls which MCP servers Claude can access.

    2. Replace the content with the following configuration, and then save:

      {
  "mcpServers": {
    "todo-mcp": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "https://remote-mcp-ping-federate.<ENV>.workers.dev/mcp"
      ]
    }
  }
}

    3. Restart Claude Desktop.

      A browser window opens showing your OAuth sign-on page.

    4. Complete the authentication flow to grant Claude access to your MCP server.

      After granting access, the tools are available for you to use.

    5. You can ask Claude to use the tools that populate the Tools list. For example: "Can you tell me what is in my Todo list?"

      Claude invokes the tool and shows the result generated by the MCP server.