How do I configure OAuth with MCP clients?
can i use this with any MCP client? how do i configure oauth? or is it auto done by the mcp client?
OAuth Configuration
Authorization URL
https://www.figma.com/oauth/mcp
Token URL
https://api.figma.com/v1/oauth/token
Client ID
your-client-id
Client Secret (optional)
your-client-secret
Scopes (comma-separated)
Short answer: not with literally any MCP client. For Figma’s remote MCP server, the client needs to support Streamable HTTP remote MCP + the MCP OAuth flow, and Figma currently limits access to supported/catalog clients/integrations.
From this repo, the remote server is:
```json
{
  "url": "https://mcp.figma.com/mcp",
  "type": "http"
}
```
server.json also declares it as streamable-http at https://mcp.figma.com/mcp.
## OAuth: do I configure it manually?
Usually, no. In supported clients, OAuth is handled by the MCP client.
For example:
### VS Code
```json
{
  "servers": {
    "figma": {
      "type": "http",
      "url": "https://mcp.figma.com/mcp"
    }
  }
}
```
Then VS Code prompts you to authenticate / allow access.
### Cursor
```json
{
  "mcpServers": {
    "figma": {
      "url": "https://mcp.figma.com/mcp"
    }
  }
}
```
Then click Connect / authenticate in Cursor.
### Claude Code
```bash
claude mcp add --transport http figma https://mcp.figma.com/mcp
```
Then authenticate via /mcp.
### Gemini CLI
The repo’s gemini-extension.json has:
```json
{
  "mcpServers": {
    "figma": {
      "httpUrl": "https://mcp.figma.com/mcp",
      "oauth": {
        "enabled": true
      }
    }
  }
}
```
Then run:
/mcp auth figma
## About the OAuth fields you pasted
Those fields:
Authorization URL: https://www.figma.com/oauth/mcp
Token URL: https://api.figma.com/v1/oauth/token
Client ID: your-client-id
Client Secret: optional
Scopes: comma-separated
are only useful if your MCP client has a manual OAuth setup UI and is actually supported/able to complete Figma’s MCP OAuth flow.
Important caveats:
- Don’t use a normal Figma REST API OAuth app and expect it to work with MCP.
- Don’t use a Personal Access Token.
- The MCP endpoint requires MCP-specific auth, commonly involving the `mcp:connect` scope.
- Figma has said that `mcp:connect` is not available to general third-party OAuth apps right now; MCP access is limited to supported clients/integrations.
- If your client asks you to invent/provide a `client_id` and `client_secret`, that’s a sign it may not support the required MCP OAuth flow or Figma may not allow that client yet.
So the practical setup is:
```json
{
  "mcpServers": {
    "figma": {
      "url": "https://mcp.figma.com/mcp"
    }
  }
}
```
Then let the MCP client handle OAuth. If it cannot prompt you to sign in to Figma / “Allow access”, that client probably won’t work with the remote Figma MCP server today.
gotcha.
Figma currently limits access to supported/catalog clients/integrations
how come? they do it in their server? is there a workaround?
Yes — the restriction is enforced server-side by Figma, not by this repo’s config.
There are two places it can be enforced:
- Figma OAuth authorization server
  - Unsupported/general OAuth apps can’t request the MCP scope, e.g. `mcp:connect`.
  - People trying this with regular Figma OAuth apps have reported `Invalid scopes for app`.
- Figma MCP resource server
  - `https://mcp.figma.com/mcp` expects a valid Bearer token with the right MCP scope/audience/client authorization.
  - If the client is not one Figma allows, the MCP endpoint won’t accept the token even if the transport is technically correct.
So it’s not just “does your MCP client speak Streamable HTTP?” It also has to be allowed through Figma’s MCP OAuth path.
## Why do they limit it?
Figma hasn’t published all internal reasoning, but the docs frame MCP as a supported-client rollout. Likely reasons:
- MCP gives agents access to sensitive design data.
- Some tools can write to Figma canvas.
- OAuth + remote MCP client behavior is still evolving.
- They want to validate client UX/security before letting arbitrary tools connect.
- Rate limits, abuse controls, and plan/seat enforcement are easier with known clients.
The current developer docs explicitly say only clients in the Figma MCP Catalog, like VS Code, Cursor, Claude Code, etc., can connect to the remote Figma MCP server, and new client developers should join the waitlist.
## Is there a workaround?
For the remote server, not really — not a clean/supported one.
You generally cannot bypass it by:
- creating your own Figma OAuth app,
- manually entering the OAuth URLs,
- using a Personal Access Token,
- proxying through another endpoint,
- reusing a token from another client.
Those approaches are likely to fail, violate expectations/terms, or break unpredictably.
## Legit options
### 1. Use a supported client
Use one from the Figma MCP catalog: VS Code, Cursor, Claude Code, Codex, Gemini CLI, etc.
### 2. Use the desktop/local MCP server
If your account/plan supports it, the desktop server runs through the Figma desktop app at:
http://127.0.0.1:3845/mcp
Config usually looks like:
```json
{
  "mcpServers": {
    "figma-desktop": {
      "url": "http://127.0.0.1:3845/mcp"
    }
  }
}
```
This can work with other MCP clients that support HTTP MCP because auth is effectively handled by the signed-in Figma desktop app. But it has a narrower feature set; some features are remote-only, like write-to-canvas.
### 3. Build your own MCP server backed by Figma REST API
If your goal is “let my custom MCP client read Figma files,” you can build your own MCP server and use Figma’s normal REST API/OAuth/PAT. But that is not the same as using Figma’s hosted MCP server, and you won’t get all Figma MCP-specific tools/features.
### 4. Join the Figma MCP catalog/waitlist
If you’re building an MCP client or integration, this is the official path.
So: yes, it’s enforced by Figma’s OAuth/MCP servers; no, there’s no supported bypass for the remote server; use a supported client, the local desktop MCP server, or build your own MCP layer on top of the REST API.
END OF POST
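The caveats in the answers above (no Personal Access Token, no hand-entered client secret, no proxying) can be checked mechanically before a config is committed or shared. The following is an added example, not part of the thread or of Figma's repo: a small linter for MCP client configs. The `headers`, `clientId` and `clientSecret` keys, the proxy hostname and the token value are assumptions made for illustration.

```python
import json
from urllib.parse import urlparse

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
SECRET_KEYS = {"clientsecret", "accesstoken", "refreshtoken"}
CRED_HEADERS = {"authorization", "x-figma-token"}

def _keys(obj):
    """Yield every key in a nested JSON object."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield key
            yield from _keys(value)
    elif isinstance(obj, list):
        for value in obj:
            yield from _keys(value)

def lint_mcp_config(text):
    """Return (server, finding) pairs for risky entries in an MCP client config."""
    cfg = json.loads(text)
    # "servers" is the VS Code layout on this page, "mcpServers" the Cursor/Gemini one.
    servers = {**cfg.get("servers", {}), **cfg.get("mcpServers", {})}
    findings = []
    for name, entry in servers.items():
        url = urlparse(entry.get("url") or entry.get("httpUrl") or "")
        if url.scheme == "http" and url.hostname not in LOOPBACK:
            findings.append((name, "cleartext http to a non-loopback host"))
        for header in entry.get("headers", {}):  # "headers" key is an assumption
            if header.lower() in CRED_HEADERS:
                findings.append((name, f"static credential in header {header}"))
        for key in _keys(entry):
            if key.lower().replace("_", "") in SECRET_KEYS:
                findings.append((name, f"hard-coded secret in key {key}"))
    return findings

# Constructed sample config; server names, proxy host and token value are made up.
SAMPLE = """{"mcpServers": {
  "figma": {"url": "https://mcp.figma.com/mcp"},
  "figma-desktop": {"url": "http://127.0.0.1:3845/mcp"},
  "figma-pat": {"url": "https://mcp.figma.com/mcp",
                "headers": {"Authorization": "Bearer CONSTRUCTED-PLACEHOLDER"}},
  "figma-manual": {"url": "http://mcp-proxy.example.test/mcp",
                   "oauth": {"clientId": "your-client-id",
                             "clientSecret": "your-client-secret"}}
}}"""

if __name__ == "__main__":
    for server, finding in lint_mcp_config(SAMPLE):
        print(f"{server}: {finding}")
```

The two entries that match the configs recommended in the thread (remote URL with client-handled OAuth, and the loopback desktop server) produce no findings.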