Clerk MCP Server Guide 2026: Docs MCP and OAuth for Your Own MCP

Table of Contents

1. What Is the Clerk MCP Server?
2. Two Things People Mean by 'Clerk MCP'
3. Setup: Connecting the Clerk Docs MCP
4. Setup: Securing Your MCP With Clerk OAuth
5. What You Can Actually Build
6. Clerk vs Other Auth Options for MCP
7. Security Notes
8. Frequently Asked Questions

What Is the Clerk MCP Server?

Clerk is a developer-first authentication and user-management platform — sign-in, sign-up, organizations, sessions, and a polished pre-built UI for all of it. In early 2026 Clerk shipped its own Model Context Protocol (MCP) server, putting it among the first auth providers to give AI agents native access to their ecosystem.

That single phrase, "Clerk MCP," actually points at two separate capabilities. If you have spent any time searching for it and come away confused, that is why. One is a tool that helps you write Clerk code faster with an AI assistant. The other is infrastructure that lets you authenticate AI agents against your application's real users. Both are legitimate, both ship from Clerk, and they solve completely different problems.

This guide untangles the two, walks through setup for each, and shows where Clerk fits relative to other auth options in the MCP world. For the broader landscape of identity tooling, our best MCP servers for frontend developers roundup is a useful companion read.

Two Things People Mean by 'Clerk MCP'

1. Clerk's Hosted Docs MCP Server

The first and most commonly searched meaning is Clerk's hosted documentation MCP, available at https://mcp.clerk.com/mcp. Connect it to any MCP client and your AI assistant gains a tool that returns current Clerk SDK snippets, implementation guides, and framework-specific patterns for Next.js, React, Express, and more.

Why does this matter? Auth libraries move fast. The Clerk API your model "remembers" from its training cutoff may already be deprecated. The docs MCP closes that gap — when you ask Claude to "add Clerk organizations to my Next.js app," it fetches the real, up-to-date pattern instead of hallucinating a stale one. It is the same problem that documentation MCPs like Context7 and Ref solve generally, except this one is purpose-built and maintained by Clerk for their own SDK.

2. Clerk as an Auth Server for Your Own MCP

The second meaning is more architectural. When you build a remote MCP server — say an internal tool that exposes your company's data to AI agents — you need to answer a hard question: who is allowed to call it, and as which user? The MCP authorization specification answers this with OAuth, and OAuth for autonomous agents is genuinely tricky. It requires dynamic client registration (so an MCP client can register itself programmatically, without a human creating an app in a dashboard) and consent screens (so the end user explicitly approves what the agent can access).

Clerk implements exactly these pieces. It can act as the OAuth authorization server sitting in front of your MCP, issuing scoped tokens tied to real Clerk user accounts. The clerk/mcp-tools package on GitHub provides the server-side and client-side helpers to wire it up. This is the meaning that matters if you are shipping production MCP infrastructure rather than just consuming documentation.

Setup: Connecting the Clerk Docs MCP

This is the easy one — under sixty seconds, no API key. In Claude Desktop, open your config file (~/Library/Application Support/Claude/claude_desktop_config.json on macOS, %APPDATA%\Claude\claude_desktop_config.json on Windows) and add:

{   "mcpServers": {     "clerk": {       "command": "npx",       "args": ["-y", "mcp-remote", "https://mcp.clerk.com/mcp"]     }   } }

Restart Claude Desktop. A new clerk tool appears in the MCP sidebar. Now when you ask Claude anything about Clerk, it reaches for the live docs.

For Claude Code, skip the JSON editing and run:

claude mcp add clerk -- npx -y mcp-remote https://mcp.clerk.com/mcp

Cursor, Windsurf, Cline, and Zed all accept the same mcp-remote bridge through their respective MCP settings panels. The Skiln Config Generator can bundle the Clerk docs MCP alongside your other servers into one ready-to-paste config.

Setup: Securing Your MCP With Clerk OAuth

This path is for teams building their own remote MCP server. The high-level flow:

1. Install the helpers. Add @clerk/mcp-tools and the Clerk SDK for your framework (Next.js, Express, or Fastify).
2. Expose the OAuth metadata endpoints. MCP clients discover your authorization server via well-known metadata URLs. The clerk/mcp-tools handlers generate these for you, pointing at Clerk as the authorization server.
3. Enable dynamic client registration in Clerk. This lets an MCP client register programmatically — essential because you cannot manually pre-register every agent that might connect.
4. Verify tokens on each MCP request. Wrap your MCP route handler with Clerk's token verification so every tool call is tied to an authenticated user and the scopes they consented to.

// Pseudocode — wrap your MCP handler with Clerk token verification import { verifyClerkToken } from "@clerk/mcp-tools/server";

export async function POST(req) {   const auth = await verifyClerkToken(req);      // 401 if missing/invalid   if (!auth.userId) return new Response("Unauthorized", { status: 401 });   // ...dispatch the MCP tool call as this user, with auth.scopes }

The payoff: an agent connecting to your MCP authenticates through Clerk's consent screen, the user approves, and every subsequent tool call runs as that real user with the exact scopes they granted. No shared API keys, no over-broad service tokens. If you care about locking down agent access, pair this with the practices in our Claude Code security best practices guide.

What You Can Actually Build

Concretely, here is what each side of Clerk MCP unlocks:

• Ship Clerk integrations faster. With the docs MCP connected, "add social sign-in with GitHub and Google" produces working, current code on the first try instead of after three rounds of correcting deprecated calls.
• Build a per-user internal MCP. Expose your CRM, your analytics, or your support tooling as an MCP where each agent acts as the authenticated employee — respecting the same permissions they have in the app.
• Gate a public MCP product. If you sell access to data through an MCP, Clerk's OAuth flow plus billing means agents authenticate, consent, and get scoped tokens, while you track usage per account.
• Combine identity with payments. Clerk pairs naturally with a payments MCP like Stripe — authenticate the user with Clerk, then process or look up their billing through Stripe, all from within one agent conversation.

Clerk vs Other Auth Options for MCP

For a database-first stack, the Supabase MCP server is the natural alternative — you trade Clerk's polished auth-specific UX for Supabase's all-in-one database, storage, and auth bundle. Teams that want auth to be a clean, isolated concern tend to prefer Clerk; teams that want one platform for everything lean Supabase.

Security Notes

Two things to keep front of mind:

1. The docs MCP is read-only and safe. It returns documentation. It cannot touch your codebase or your Clerk instance. Connecting it carries essentially no risk.
2. The auth-server path is security-critical. You are deciding who can invoke your tools as which user. Use the narrowest scopes that work, verify every token, never disable the consent screen "to make testing easier," and log every MCP authorization grant. An over-permissioned agent token is just as dangerous as a leaked API key.

Frequently Asked Questions

What is the Clerk MCP server?

There are two things called 'Clerk MCP.' The first is Clerk's hosted documentation MCP server at https://mcp.clerk.com/mcp, which feeds AI clients like Claude up-to-date Clerk SDK snippets and implementation patterns. The second is Clerk acting as an OAuth authorization server for an MCP server you build yourself, so that agents authenticate against your app's real user accounts. Most people searching for 'clerk mcp' want the first; teams shipping their own remote MCP want the second.

How do I add the Clerk MCP server to Claude?

Add a server entry that runs npx -y mcp-remote https://mcp.clerk.com/mcp to your Claude Desktop config (claude_desktop_config.json) or via claude mcp add in Claude Code, then restart the client. The docs MCP needs no API key. Once connected, Claude can pull current Clerk code examples directly into its answers instead of relying on stale training data.

Is the Clerk MCP server free?

Yes. The hosted Clerk docs MCP is free to connect and use. Using Clerk as the auth layer for your own MCP server falls under Clerk's normal pricing, which includes a generous free tier (up to 10,000 monthly active users at the time of writing) before any paid plan kicks in.

What is the difference between Clerk MCP and Supabase auth?

Clerk is a dedicated authentication and user-management platform; Supabase bundles auth alongside a Postgres database and storage. For MCP specifically, Clerk ships first-class support for the MCP OAuth flow (dynamic client registration plus consent screens), which makes it a clean drop-in authorization server for remote MCP endpoints. Supabase can also gate an MCP but requires more wiring. See our Supabase MCP review for the database-first alternative.

Does the Clerk MCP work with Cursor and Windsurf?

Yes. The Clerk docs MCP is a standard remote MCP server, so any MCP-compatible client works: Claude Desktop, Claude Code, Cursor, Windsurf, Cline, and Zed. The config differs slightly per client, but each one accepts the same mcp-remote bridge to the hosted endpoint.

Can Clerk secure a remote MCP server I deploy?

Yes, and that is one of its strongest use cases. Clerk implements the pieces the MCP authorization spec requires: OAuth dynamic client registration so MCP clients can register programmatically, and consent screens so users explicitly approve access. The clerk/mcp-tools package on GitHub gives you the server-side and client-side helpers to wire this up in frameworks like Next.js and Express.

Do I need the clerk/mcp-tools package?

Only if you are building your own MCP server and want Clerk to handle authentication. The clerk/mcp-tools library provides handlers for the OAuth metadata endpoints, token verification, and the consent flow. If you only want Claude to read Clerk's documentation, you do not need it — just connect the hosted docs MCP.

Where can I find other auth and identity MCP servers?

Skiln indexes the full identity and auth MCP category. Browse /mcps and filter for auth-related servers, or search directly for Clerk, Auth0, Supabase, and Stripe identity tooling. Every listing shows its install command, source registry, and maintenance signal.

Last updated: June 29, 2026 · Skiln tracks new MCP releases daily across 13 source registries including Smithery, Glama, PulseMCP, LobeHub, and mcp.directory.