Clients without built-in OAuth
Most MCP clients sign in with OAuth — point them at https://gateway.ansvar.eu/mcp and approve the browser login. Those recipes live on the Setup page. This page is for the clients that can't do that: ones that only accept a fixed Authorization header, or that run on a server with no browser.
A pasted token on its own won't hold — every token the gateway issues is short-lived and expires within minutes, and these clients don't refresh. The fix depends on whether your client can run a small local helper.
Clients that can run a local helper
AnythingLLM Desktop and custom scripts can launch a local command. Use mcp-remote, a community helper that performs the OAuth login and token refresh on the client's behalf and exposes the gateway as a local server. Your client talks to the helper; the helper talks to Ansvar. This removes the expiry problem entirely — it runs in OAuth mode, not as a static header.
Requires Node.js 18+. In AnythingLLM, edit plugins/anythingllm_mcp_servers.json (or Settings → Agent Skills → MCP Servers):
{
"mcpServers": {
"ansvar": {
"command": "npx",
"args": ["-y", "mcp-remote@0.1.38", "https://gateway.ansvar.eu/mcp"],
"env": {}
}
}
}On first start your browser opens to the Ansvar login; after that it reconnects on its own. For long-running unattended setups, request a longer-lived refresh with the offline_access scope:
"args": [
"-y", "mcp-remote@0.1.38", "https://gateway.ansvar.eu/mcp",
"--static-oauth-client-metadata", "{\"scope\":\"mcp:tools offline_access\"}"
]Custom code
Writing your own client? Use the MCP SDK and pass your own OAuth access token as a Bearer header to https://gateway.ansvar.eu/mcp. Obtain it via OAuth 2.1 Authorization Code + PKCE against auth.ansvar.eu/realms/ansvar, and refresh it yourself — access tokens are short-lived.
Headless and static-header-only clients
Some clients can't use the helper — they connect over HTTP with a fixed header and can't run a local command, or they run on a server with no browser for the one-time login. This includes n8n, Open WebUI, AnythingLLM in Docker, and CI/CD jobs. These need a scoped, revocable service credential rather than a browser login.
Troubleshooting
- 401 / "Authentication required" on connect — the client sent no valid login. Use the helper above, or contact us for a service credential.
- Works for a few minutes, then 401s — a static token expired. Use the helper's OAuth mode, which refreshes; don't paste a token.
- 404 at the endpoint — the MCP endpoint is
https://gateway.ansvar.eu/mcp, not the bare host. - Cryptic
node:fs/promisescrash — the client launchednpxunder an old Node. Install Node 18+ and make sure it's first on the client's PATH.