Connecting Claude Desktop
Full setup for Claude Desktop (macOS and Windows) against the MemberPass MCP server.
Requirements
- Claude Desktop 1.11 or newer.
- Node.js 18+ on your
PATH(Claude Desktop invokesnpxto launch the remote bridge). - A MemberPass personal access token carrying at minimum
mcp:fullplus any per-entity read abilities you want the assistant to exercise.
Config file location
| Platform | Path |
|---|---|
| macOS | ~/Library/Application Support/Claude/claude_desktop_config.json |
| Windows | %APPDATA%\Claude\claude_desktop_config.json |
Add the server
Claude Desktop only speaks MCP over stdio, so remote HTTP servers are reached through the mcp-remote bridge. Open the config file and merge:
{
"mcpServers": {
"memberpass": {
"url": "https://mcp.memberpass.net",
"headers": {
"Authorization": "Bearer mpt_live_YOUR_TOKEN"
}
}
}
}The memberpass key is what Claude shows in its model-internal tool list. Any identifier works, but short names make prompts easier ("use the memberpass server to...").
Keep the token inside env.AUTH_TOKEN, not inline in args. On Windows,
npx splits arguments on whitespace — embedding Bearer <token> directly
breaks the header. The ${AUTH_TOKEN} placeholder is expanded by
mcp-remote after the args are parsed, preserving the space.
Restart Claude Desktop
MCP servers are loaded at launch. After editing the config, fully quit (not just close the window) and relaunch.
Verify
Open a fresh chat and ask:
List available MCP tools.
You should see list_projects, get_project, list_plans, etc. If the list is empty or the memberpass entry is missing:
- Re-check the config file is valid JSON.
- Check Claude Desktop's MCP error panel (Developer → MCP → View logs).
- Confirm your token carries
mcp:full— without it every call will 403.
Token rotation
When the token rotates: mint a new one in MemberPass, replace the value of env.AUTH_TOKEN in the config, restart Claude Desktop. The server does not negotiate OAuth in v1 — bearer tokens only.
Security tip
Claude Desktop logs conversations locally. Tokens embedded in the config file are plaintext on disk. Treat them as you would any credential file: filesystem ACLs, not shared screen-recording software while the config is open, and rotate on laptop transfer.
How is this guide?