Schoology MCP Cloudflare Workers

Schoology MCP on Cloudflare Workers

Remote MCP server for the Schoology API.

This project wraps the Schoology REST API behind MCP tools and uses the Worker's OAuth flow only to configure each MCP connection. The person connecting the MCP client enters their own Schoology client ID and client secret in the browser during authorization. Nothing is hardcoded into the repo.

How auth works

There are two separate auth layers here:

  1. MCP client -> this Worker

The Worker uses @cloudflare/workers-oauth-provider so remote MCP clients can connect over HTTP.

  1. This Worker -> Schoology

During the MCP authorization screen, the user provides:

  • Schoology client ID
  • Schoology client secret
  • optional connection label
  • optional API base URL override

Those values are stored as OAuth grant props for that MCP connection and then reused by the MCP tools when they sign Schoology requests.

The Schoology API itself is called with two-legged OAuth 1.0 using PLAINTEXT, which Schoology explicitly documents as acceptable over HTTPS.

Included tools

  • schoology_connection_info: shows the configured connection metadata without revealing the secret
  • schoology_get_me: calls GET /users/me
  • schoology_request: generic signed Schoology API request tool for arbitrary endpoints

Schoology caveat

Schoology documents an authentication change that took effect on June 25, 2025:

  • personal API keys cannot access other user data
  • unpublished or school-only apps continue to work within the same school
  • unapproved third-party apps can receive 401 when accessing users in other schools

If valid credentials still fail with 401, check whether the Schoology app/key is allowed for the target school context.

Local development

npm install
npx wrangler kv namespace create OAUTH_KV

Add the returned KV namespace ID to wrangler.jsonc, then run:

npx wrangler dev

Open http://localhost:8787/ to confirm the Worker is up.

Connect from MCP Inspector

npx @modelcontextprotocol/inspector@latest

Use:

  • Transport: Streamable HTTP or SSE
  • URL: http://localhost:8787/mcp

When prompted in the browser:

  1. enter the Schoology client ID
  2. enter the Schoology client secret
  3. approve the MCP connection

After that, the Inspector can call the Schoology tools with those stored credentials.

Connect from Claude Desktop

{
	"mcpServers": {
		"schoology": {
			"command": "npx",
			"args": ["mcp-remote", "http://localhost:8787/mcp"]
		}
	}
}

For a deployed Worker, replace the URL with your workers.dev hostname.

Deployment

npx wrangler deploy

Example prompts

  • Use schoology_get_me and tell me who this Schoology connection belongs to.
  • Use schoology_request to list my sections with path users/me/sections.
  • Use schoology_request to inspect the OPTIONS metadata for sections/123/assignments.

Notes on implementation

  • Requests send Accept: application/json and JSON request bodies where provided.
  • Redirects are handled manually so redirected requests get a fresh nonce/timestamp and a newly signed OAuth header.
  • Full URLs are intentionally rejected by schoology_request; only relative Schoology API paths are allowed.