Claude.ai custom connectors require full OAuth 2.1. FastMCP gives you an in-memory test provider (useless in prod) or a proxy that requires Google/GitHub/Auth0 as an identity provider. I didn't want to set up Auth0 for a server only I use.
So I wrote a single-file auth provider. No external services, no third-party accounts — just a Python file you drop next to your server. It handles DCR, PKCE, and token persistence. Redirect URIs are locked to claude.ai and localhost, so open client registration (which Claude.ai requires) doesn't become an open door.
Things that bit me that I couldn't find documented anywhere:
- FastAPI's BaseHTTPMiddleware silently breaks streaming responses - Tools named add_memory or search get shadowed by Claude's built-in memory — you have to prefix them distinctively - Neon Postgres (and probably other serverless DBs) drops idle connections; a single connection at startup will randomly start failing after a few minutes - DCR is disabled by default in FastMCP — without it /register returns 404 and Claude.ai silently fails to connect with no error
One file, MIT licensed: github.com/crumrine/fastmcp-personal-auth