MCP.so
Sign In
Servers

Model Context Protocol (MCP) Server + Feishu OAuth

@ztxtxwd

Overview

What is Model Context Protocol (MCP) Server + Feishu OAuth?

This is an MCP server that supports remote connections, with Feishu OAuth built‑in for authentication. It is derived from Cloudflare’s remote MCP GitHub OAuth demo and replaces GitHub OAuth with Feishu OAuth, integrating tools from the official Feishu/Lark OpenAPI MCP library. It is intended for developers who want to deploy a remote MCP server authenticated via Feishu account.

How to use Model Context Protocol (MCP) Server + Feishu OAuth?

Clone the repository, install dependencies (npm install), create a Feishu application on the Feishu Open Platform, set secrets via Wrangler (FEISHU_APP_ID, FEISHU_APP_SECRET, COOKIE_ENCRYPTION_KEY), create a KV namespace, then deploy with wrangler deploy. Users connect via an MCP client (e.g., Inspector, Claude Desktop, Cursor) using the SSE endpoint https://mcp-feishu-oauth.<your-subdomain>.workers.dev/sse and authenticate with their Feishu account.

Key features of Model Context Protocol (MCP) Server + Feishu OAuth

  • Remote MCP server with built‑in Feishu OAuth authentication.
  • Deployable to Cloudflare Workers (Cloudflare Workers, KV, Wrangler).
  • Includes math (“add”) and Feishu user info tools.
  • Generate image tool restricted to configurable Feishu user IDs.
  • Integrates Feishu/Lark MCP tools: documents, messages, tasks, OCR, dictionary, helpdesk.
  • Uses User Access Tokens for secure Feishu API access.
  • Supports multiple MCP clients: Inspector, Claude Desktop, Cursor, Windsurf.

Use cases of Model Context Protocol (MCP) Server + Feishu OAuth

  • Provide an MCP server that only Feishu‑authenticated users can access.
  • Enable AI assistants (e.g., Claude Desktop) to perform Feishu operations like searching documents or sending messages.
  • Restrict sensitive tools to specific Feishu users for fine‑grained access control.
  • Serve as a reference for integrating other OAuth providers with MCP on Cloudflare Workers.

FAQ from Model Context Protocol (MCP) Server + Feishu OAuth

What runtime or dependencies are required?

It runs on Cloudflare Workers and requires Node.js (for local development), Wrangler CLI, and a Cloudflare account with Workers Paid plan (for KV). Dependencies include workers-oauth-provider, durable-mcp, and mcp-remote libraries.

How does authentication work?

The server acts as an OAuth server to MCP clients and as an OAuth client to Feishu. Users sign in with their Feishu account; the server obtains a User Access Token from Feishu and uses it for tool invocations that call Feishu APIs.

Can I restrict which tools users can access?

Yes. Basic tools (“add”, “userInfoFeishu”) are available to all authenticated Feishu users. The “generateImage” tool is restricted to a configurable set of Feishu user IDs defined in ALLOWED_USER_IDS. You can extend this pattern for other tools.

What transports and authentication methods are supported?

The server uses Server‑Sent Events (SSE) for transport. Authentication is OAuth 2.1 with Feishu as the identity provider. MCP clients connect to the /sse endpoint and are redirected through the Feishu OAuth flow.

Where does authentication data live?

Tokens and authentication state are stored in a Cloudflare Workers KV namespace named OAUTH_KV. The server uses Cloudflare Durable Objects for persistent state management across requests.

Tags

More from Communication