Any MCP client that supports remote MCP over streamable HTTP can connect to this Worker. WhenDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/XxYouDeaDPunKxX/cloudflare-r2-remote-mcp-worker/llms.txt
Use this file to discover all available pages before exploring further.
AUTH_MODE=github is set, the Worker acts as a full OAuth 2.0 authorization server and requires a GitHub login before granting access to the tool endpoint. When AUTH_MODE=none is set — typically for local development — the endpoint is open and requires no credentials at all.
Endpoint Reference
The MCP endpoint depends on where the Worker is running and howAUTH_MODE is configured.
Remote (deployed Worker):
AUTH_MODE=none):
AUTH_MODE=github is active, the Worker exposes four OAuth routes that MCP clients and browsers interact with during the login flow:
ALLOWED_GITHUB_LOGINS environment variable. Any other GitHub account will authenticate successfully but will be denied access.
Generic Client Configuration
Use the following values when configuring any MCP-compatible client. The exact field names vary by client, but the concepts are the same. Remote with GitHub OAuth:tools/list confirms that:- The client successfully reached
/mcp - Authentication completed (when
AUTH_MODE=github) - The Worker registered its tools without error
tools/list with a misconfigured or unbound bucket will still return tool names — the failure only surfaces when a tool is invoked. Use /healthz to verify bucket accessibility independently.Troubleshooting
401 or OAuth failure during login
401 or OAuth failure during login
A
401 response or an OAuth error during the authorization flow usually points to a misconfigured auth setup. Check each of the following:- Confirm
AUTH_MODE=githubis set in your Wrangler config or environment. - Verify the GitHub OAuth App’s Authorization callback URL is set to
https://<worker-url>/callback— an exact match is required. - Confirm
GITHUB_CLIENT_IDandGITHUB_CLIENT_SECRETare stored as Worker secrets (not plain-text vars). - Confirm
COOKIE_ENCRYPTION_KEYis set as a Worker secret. - Confirm the
OAUTH_KVKV namespace binding exists in your Wrangler config and is bound to the Worker.
Login succeeds but access is denied
Login succeeds but access is denied
If the GitHub login completes without error but the client still receives an access-denied response, the authenticated GitHub login is not listed in
ALLOWED_GITHUB_LOGINS.- Open your Wrangler config and check the value of
ALLOWED_GITHUB_LOGINS. - The value is a comma-separated list of GitHub usernames (e.g.
alice,bob). - Add the GitHub username to the list, then redeploy the Worker.
No tools visible after connecting
No tools visible after connecting
If the client connects without error but
tools/list returns an empty set, work through these checks in order:- Confirm the client is pointed at
/mcpand not at/healthzor any other route. - Refresh tool or action definitions inside the client — most clients cache the tool list.
- Confirm the Worker deployed successfully by checking the Cloudflare dashboard or running
wrangler tail. - Open
/healthzin a browser or withcurlto verify the bucket is accessible. A503response from/healthzmeans the bucket binding is broken, which can also prevent tool registration in some configurations.
Client Guides
ChatGPT
Step-by-step instructions for adding this Worker as a custom ChatGPT connector with OAuth.
MCP Inspector
Use the official MCP Inspector to browse and invoke tools interactively against the Worker.
AUTH_MODE, and ALLOWED_GITHUB_LOGINS interact, see the Auth Overview.