PassportMCP

PassportMCP – Seamless Browser‑Based Authentication for MCP Servers

PassportMCP is a lightweight framework that lets developers turn any website into an MCP server without writing custom authentication logic. By leveraging a Chrome extension that captures the browser’s current auth state, PassportMCP automatically injects the correct cookies and headers into every outbound request. This means that once a user logs in through their usual browser session, the MCP server can access protected endpoints just as if it were a native API client—no developer token, no rate limits, and no additional approval steps.

The core value proposition is simplicity for developers who need to integrate web services into AI assistants. Traditional approaches often involve hunting for public APIs, dealing with OAuth flows, or navigating strict rate limits. PassportMCP bypasses these hurdles by reusing the credentials already stored in the user’s browser, keeping all sensitive data on the local machine. The result is a secure, instant connection that behaves like any standard MCP tool while preserving the user’s existing login session.

Key capabilities include:

• Automatic auth syncing – The Chrome extension continuously monitors network requests and forwards the latest authentication tokens to a native host, which then supplies them to the SDK.
• Universal website support – No special API endpoints are required; any site that authenticates via cookies or headers can be wrapped.
• MCP tool creation – With the high‑level SDK, developers can define async tools that perform HTTP requests against the target site and expose the results to an AI assistant.
• Low‑level client – The HTTP client offers a straightforward way to make authenticated requests without the overhead of MCP tooling, ideal for scripts or background jobs.
• Local credential safety – All tokens are stored locally and never transmitted to external services, maintaining user privacy.

Typical use cases span from data extraction (e.g., pulling a LinkedIn profile graph or Twitter timeline) to automating interactions with SaaS dashboards that lack public APIs. In an AI workflow, a developer can expose these tools to a Claude or Gemini assistant, enabling natural‑language queries that trigger real‑time browser‑authenticated requests. The server’s ability to stay in sync with the user’s session also means that logouts, password changes, or two‑factor prompts are handled transparently.

Overall, PassportMCP offers a pragmatic bridge between web applications and AI assistants, turning everyday browser sessions into programmable data sources with minimal friction.