Connect Claude.
OAuth · PATGive Claude a live connection to your markdown workspace over the Model Context Protocol. Claude can then read your documents, use folder descriptions as context, and create, update, and organise notes — instead of you pasting the same background into every chat.
There are two ways to authenticate, and this page covers both:
- ›OAuth sign-in — the easiest path for claude.ai (web and desktop) custom connectors. You paste one URL and sign in; there is no token to create or copy.
- ›Personal Access Token (PAT) — for Claude Code, Claude Desktop, and the local MCP server, which send their own
Authorizationheader.
Both require an MDflow Pro account — all API and MCP access is Pro-gated. OAuth is currently in beta; the token path is a fully supported fallback everywhere.
Which Claude are you connecting?
| Field | What to enter |
|---|---|
| claude.ai (web / desktop app) | Use OAuth — add a custom connector and sign in. See Method A. |
| Claude Code (CLI) | One command with a browser OAuth sign-in, or a PAT header. See Method B. |
| Claude Desktop (config file) | Reaches the hosted server through the mcp-remote bridge, or runs the local server — both with a PAT. See Method C. |
Method A — OAuth sign-in (claude.ai)
claude.ai's custom-connector picker speaks MCP + OAuth 2.1, so connecting is paste a URL and sign in— no token anywhere. Claude discovers MDflow's authorization server and registers itself automatically (Dynamic Client Registration), so every OAuth field stays blank.
Open the connector settings
In claude.ai, open Settings → Connectors (in some builds this lives under Customize → Connectors). Click Add → Add custom connector.
Fill in the dialog
Only the name and URL matter. Leave the advanced OAuth fields empty — Claude fills them in for you.
| Field | What to enter |
|---|---|
| Name | Anything, e.g. MDflow |
| Remote MCP server URL | https://mdflow.cz/api/mcp |
| OAuth Client ID | leave blank |
| OAuth Client Secret | leave blank |
Name
Remote MCP server URL
▸ Advanced settings — OAuth Client ID / Secret: leave blank
Connect and sign in
Click Add, then Connect. Claude sends you to MDflow. Sign in if you aren't already — if you're signed out you land on /login first and are returned to the consent screen automatically.
Approve the consent screen
MDflow shows exactly what Claude is asking for. Review it and click Approve.
Authorize Claude
Claude wants to connect to your MDflow account.
This will allow Claude to:
- •Confirm your identity
- •See your email address
- •See your name and avatar
- •Full access to read and modify your MDflow documents (Pro plan required for API access).
Use it in a conversation
The connector shows Connected with the full MDflow tool set. Enable it in a chat and ask. The first call to each tool asks for your approval — choose Always allow to stop the prompts for that tool.
/api/mcp returns 401 with a WWW-Authenticate challenge pointing at /.well-known/oauth-protected-resource(RFC 9728). Claude discovers the authorization server, registers via Dynamic Client Registration, runs the OAuth 2.1 authorization-code + PKCE flow through MDflow's consent page, and calls the API with the issued JWT. Nothing is pasted by hand.Method B — Claude Code (CLI)
Claude Code connects to the hosted server in one command. You can authenticate with a browser OAuth sign-in or a Personal Access Token — pick one.
OAuth — add the server, then authenticate
Add the server without a header, then run /mcp inside Claude Code and choose Authenticate for mdflow. Your browser opens the same MDflow consent screen as Method A.
claude mcp add --transport http mdflow https://mdflow.cz/api/mcpOr PAT — pass the token as a header
Prefer a static token? Create a Personal Access Token (it starts with mdf_) and pass it in the Authorization header.
claude mcp add --transport http mdflow https://mdflow.cz/api/mcp \
--header "Authorization: Bearer mdf_your_token_here"Method C — Claude Desktop
Claude Desktop reads MCP servers from its config file. It can reach the hosted server through the mcp-remote stdio bridge, or run the local server on your machine. Both use a Personal Access Token and require Node.js. Open the config from Settings → Developer → Edit Config.
{
"mcpServers": {
"mdflow": {
"command": "npx",
"args": [
"mcp-remote",
"https://mdflow.cz/api/mcp",
"--header",
"Authorization:Bearer mdf_your_token_here"
]
}
}
}{
"mcpServers": {
"mdflow": {
"command": "node",
"args": ["/absolute/path/to/mdflow-mcp/server.mjs"],
"env": { "MDFLOW_API_TOKEN": "mdf_your_token_here" }
}
}
}The local server download and full setup live in the MCP documentation. Restart Claude Desktop after editing the config so it picks up the change.
Troubleshooting
| Symptom | Cause & fix |
|---|---|
403 Pro plan required after connecting | The signed-in account is on the Free plan. Upgrade at Settings — the connection stays, calls start working. |
401 again after ~1 hour idle | OAuth access tokens expire after about an hour. The connector refreshes silently; if it can't, remove and re-add the connector. |
Consent screen sends you to /login first | Expected when you're not signed in to MDflow — sign in and you're returned to the consent screen automatically. |
| Want to revoke access | Delete the connector in Claude, or revoke the Personal Access Token from Settings. |