$cat connect/claude.md

Connect Claude.

OAuth · PAT

Give Claude a live connection to your markdown workspace over the Model Context Protocol. Claude can then read your documents, use folder descriptions as context, and create, update, and organise notes — instead of you pasting the same background into every chat.

There are two ways to authenticate, and this page covers both:

  • OAuth sign-in — the easiest path for claude.ai (web and desktop) custom connectors. You paste one URL and sign in; there is no token to create or copy.
  • Personal Access Token (PAT) — for Claude Code, Claude Desktop, and the local MCP server, which send their own Authorization header.

Both require an MDflow Pro account — all API and MCP access is Pro-gated. OAuth is currently in beta; the token path is a fully supported fallback everywhere.

$which claude

Which Claude are you connecting?

FieldWhat to enter
claude.ai (web / desktop app)Use OAuth — add a custom connector and sign in. See Method A.
Claude Code (CLI)One command with a browser OAuth sign-in, or a PAT header. See Method B.
Claude Desktop (config file)Reaches the hosted server through the mcp-remote bridge, or runs the local server — both with a PAT. See Method C.
$open https://mdflow.cz/api/mcp

Method A — OAuth sign-in (claude.ai)

claude.ai's custom-connector picker speaks MCP + OAuth 2.1, so connecting is paste a URL and sign in— no token anywhere. Claude discovers MDflow's authorization server and registers itself automatically (Dynamic Client Registration), so every OAuth field stays blank.

1Paste MCP URL in Claude
2Client discovers MDflow & self-registers
3Sign in to MDflow
4Approve consent screen
5Connected — tools appear
1

Open the connector settings

In claude.ai, open Settings → Connectors (in some builds this lives under Customize → Connectors). Click AddAdd custom connector.

2

Fill in the dialog

Only the name and URL matter. Leave the advanced OAuth fields empty — Claude fills them in for you.

FieldWhat to enter
NameAnything, e.g. MDflow
Remote MCP server URLhttps://mdflow.cz/api/mcp
OAuth Client IDleave blank
OAuth Client Secretleave blank
claude.ai — Add custom connector

Name

MDflow

Remote MCP server URL

https://mdflow.cz/api/mcp

▸ Advanced settings — OAuth Client ID / Secret: leave blank

CancelAdd
Illustration — the Add custom connector dialog.
3

Connect and sign in

Click Add, then Connect. Claude sends you to MDflow. Sign in if you aren't already — if you're signed out you land on /login first and are returned to the consent screen automatically.

4

Approve the consent screen

MDflow shows exactly what Claude is asking for. Review it and click Approve.

mdflow.cz/oauth/consent
$

Authorize Claude

Claude wants to connect to your MDflow account.

This will allow Claude to:

  • Confirm your identity
  • See your email address
  • See your name and avatar
  • Full access to read and modify your MDflow documents (Pro plan required for API access).
DenyApprove
Illustration — MDflow's consent screen, the one step every sign-in passes through. Click Approve to finish connecting.
5

Use it in a conversation

The connector shows Connected with the full MDflow tool set. Enable it in a chat and ask. The first call to each tool asks for your approval — choose Always allow to stop the prompts for that tool.

>What does my workspace say about onboarding?
>Create a document called meeting-notes.md in my Projects folder.
Under the hood: A tokenless request to /api/mcp returns 401 with a WWW-Authenticate challenge pointing at /.well-known/oauth-protected-resource(RFC 9728). Claude discovers the authorization server, registers via Dynamic Client Registration, runs the OAuth 2.1 authorization-code + PKCE flow through MDflow's consent page, and calls the API with the issued JWT. Nothing is pasted by hand.
$claude mcp add

Method B — Claude Code (CLI)

Claude Code connects to the hosted server in one command. You can authenticate with a browser OAuth sign-in or a Personal Access Token — pick one.

1

OAuth — add the server, then authenticate

Add the server without a header, then run /mcp inside Claude Code and choose Authenticate for mdflow. Your browser opens the same MDflow consent screen as Method A.

Claude Code — OAuthrun in your project, then /mcp → Authenticate
$bash
claude mcp add --transport http mdflow https://mdflow.cz/api/mcp
2

Or PAT — pass the token as a header

Prefer a static token? Create a Personal Access Token (it starts with mdf_) and pass it in the Authorization header.

Claude Code — Personal Access Tokenone command, applies to the current project
$bash
claude mcp add --transport http mdflow https://mdflow.cz/api/mcp \
  --header "Authorization: Bearer mdf_your_token_here"
Security: Keep the token in your client config, never in a chat prompt or tool argument — MDflow's server refuses to accept it as a tool parameter. Tokens grant workspace-level access, including write, delete, and sharing, and can be revoked anytime from Settings.
$edit claude_desktop_config.json

Method C — Claude Desktop

Claude Desktop reads MCP servers from its config file. It can reach the hosted server through the mcp-remote stdio bridge, or run the local server on your machine. Both use a Personal Access Token and require Node.js. Open the config from Settings → Developer → Edit Config.

Hosted server via mcp-remote~/Library/Application Support/Claude/claude_desktop_config.json (macOS) · %APPDATA%\\Claude\\claude_desktop_config.json (Windows)
$json
{
  "mcpServers": {
    "mdflow": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "https://mdflow.cz/api/mcp",
        "--header",
        "Authorization:Bearer mdf_your_token_here"
      ]
    }
  }
}
Local stdio serverdownload the server first — see the MCP docs
$json
{
  "mcpServers": {
    "mdflow": {
      "command": "node",
      "args": ["/absolute/path/to/mdflow-mcp/server.mjs"],
      "env": { "MDFLOW_API_TOKEN": "mdf_your_token_here" }
    }
  }
}

The local server download and full setup live in the MCP documentation. Restart Claude Desktop after editing the config so it picks up the change.

$man troubleshooting

Troubleshooting

Claude connection troubleshooting: symptoms and fixes
SymptomCause & fix
403 Pro plan required after connectingThe signed-in account is on the Free plan. Upgrade at Settings — the connection stays, calls start working.
401 again after ~1 hour idleOAuth access tokens expire after about an hour. The connector refreshes silently; if it can't, remove and re-add the connector.
Consent screen sends you to /login firstExpected when you're not signed in to MDflow — sign in and you're returned to the consent screen automatically.
Want to revoke accessDelete the connector in Claude, or revoke the Personal Access Token from Settings.