Claude.ai Web Connectors

Claude.ai custom connectors use a remote MCP server over HTTPS. For PING8, use workonward-mcp in http transport with oauth auth.

Connector URL:

https://mcp.gitdate.ink/mcp

References: Claude custom connectors (opens in a new tab) and MCP authorization (opens in a new tab).

Requirements

  • A public DNS name, such as mcp.gitdate.ink.
  • HTTPS termination at that hostname.
  • Inbound access from Claude's cloud infrastructure.
  • WORKONWARD_MCP_AUTH=oauth.
  • At least one allowed OAuth login email.
  • A narrow recipient allowlist and dry-run enabled for the first verification.

Environment

export WORKONWARD_API_KEY="YOUR_API_KEY"
export WORKONWARD_BASE_URL="https://mail.gitdate.ink"
export WORKONWARD_MCP_TRANSPORT=http
export WORKONWARD_MCP_AUTH=oauth
export WORKONWARD_MCP_HTTP_HOST=127.0.0.1
export WORKONWARD_MCP_HTTP_PORT=8765
export WORKONWARD_MCP_OAUTH_ISSUER=https://mcp.gitdate.ink
export WORKONWARD_MCP_OAUTH_SIGNING_KEY="$(openssl rand -hex 32)"
export WORKONWARD_MCP_OAUTH_ALLOWED_EMAILS="you@gitdate.ink,teammate@gitdate.ink"
export WORKONWARD_MCP_RECIPIENT_ALLOWLIST='@gitdate\.ink$'
export WORKONWARD_MCP_BEHIND_PROXY=1
export WORKONWARD_MCP_DRY_RUN=1
export WORKONWARD_MCP_AUDIT_LOG_PATH=/var/log/workonward-mcp/audit.jsonl

Use WORKONWARD_MCP_BEHIND_PROXY=1 when a reverse proxy terminates TLS. Use WORKONWARD_MCP_TLS_OK=1 only for local cleartext development.

Start The Server

From source:

cd SDK/mcp
python -m venv .venv
source .venv/bin/activate
pip install -e .
python -m workonward_mcp

With Docker compose from the MCP package:

cd SDK
cp mcp/.env.example .env
# Fill the OAuth, API key, allowlist, and dry-run values.
docker compose -f mcp/docker-compose.yml up -d

Sanity checks:

curl -fsSL https://mcp.gitdate.ink/.well-known/oauth-authorization-server
curl -fsSL https://mcp.gitdate.ink/.well-known/oauth-protected-resource/mcp

Add The Connector

For individual Pro or Max accounts:

  1. Open Claude.ai.
  2. Go to Customize then Connectors.
  3. Click + then Add custom connector.
  4. Enter https://mcp.gitdate.ink/mcp.
  5. Complete the OAuth flow.

For Team and Enterprise plans:

  1. An owner opens Organization settings then Connectors.
  2. Click Add.
  3. Choose Custom then Web.
  4. Enter https://mcp.gitdate.ink/mcp.
  5. Add optional advanced OAuth client settings only if your deployment requires fixed client credentials.
  6. Members then connect from Customize then Connectors.

OAuth Login Flow

  1. Claude fetches the server metadata.
  2. Claude registers a client through Dynamic Client Registration.
  3. Claude opens the authorization URL.
  4. The user enters an email allowed by WORKONWARD_MCP_OAUTH_ALLOWED_EMAILS.
  5. The server prints a six-digit code to stderr by default.
  6. The user enters the code in the browser.
  7. Claude exchanges the auth code for tokens and calls tools/list.

The default code delivery is intentionally simple. If you replace it with emailed codes later, keep login-code sends separate from production marketing sends and test with dry-run first.

First Verification

Ask Claude:

Use the PING8 connector to validate person@gitdate.ink and blocked@example.com. Do not send email.

Then:

Use the PING8 connector to preview an email to person@gitdate.ink. Do not call send_email.

Only after previews and audit logs are correct should you set:

WORKONWARD_MCP_DRY_RUN=0

Troubleshooting

SymptomCheck
Claude cannot reach the connectorDNS, HTTPS certificate, firewall, and public inbound access
OAuth fails before loginWORKONWARD_MCP_OAUTH_ISSUER must match the public origin
Login email is rejectedAdd it to WORKONWARD_MCP_OAUTH_ALLOWED_EMAILS
Tools list succeeds but sends do not happenWORKONWARD_MCP_DRY_RUN=1 is still enabled
Existing sessions should be revokedRemove the email, restart the server, or rotate the OAuth signing key
Claude DesktopCursor