To add your DenkOps connector to Claude, open the connectors section of Claude's settings, add a custom connector, and paste your server's URL: https://<slug>.denkops.host/mcp. Claude discovers the OAuth flow on its own, sends you through a login and consent screen, and your tools appear in the chat interface. No OAuth app to register, no keys to paste.
This post assumes you already deployed the MCP starter with "connector": true in denkops.json. If not, start with deploying your first MCP server and the one-flag OAuth setup.
How do I add the connector in Claude?
Claude on the web and in the desktop app both accept remote MCP servers as custom connectors. The menus move around between releases, so in general terms:
- Open settings and find the connectors area.
- Choose to add a custom connector.
- Give it a name and paste
https://<slug>.denkops.host/mcpas the URL. - Claude asks you to connect. Approve, and a browser window opens the hosted login and consent screen at connect.denkops.com.
- Sign in, review what you are granting, and approve.
That is the whole setup. Back in Claude, the connector shows as connected and its tools become available in conversations. Claude will typically ask for permission the first time it wants to call one of your tools.
What happens during the OAuth step?
Everything Claude needs is served from your connector's domain, by the platform, not by your code:
- Claude fetches OAuth discovery metadata and learns where to register and authorize.
- It registers itself through dynamic client registration. You never create an OAuth app or handle a client secret.
- You sign in and approve on the hosted consent screen.
- Claude receives a token and starts calling tools over
/mcp.
Your tool handlers only ever see authorized calls. The full flow is covered in "connector: true" is a full OAuth stack in one flag.
Who can complete the consent screen?
Whoever you decide. Every connector project has an owner-controlled access policy, set in the project's Access tab in the dashboard:
- Public: anyone who completes the OAuth login can connect.
- Allowed emails: only the listed addresses get past the login. Everyone else is refused at the consent step, before a single tool call reaches your code.
That means you can hand the same URL to your whole team, or publish it in your docs, and still control exactly who ends up with working tools. Grants are auditable, so you can answer "who can reach this connector" later.
Using the tools in a chat
Once connected, just ask for what the tool does. Claude reads your tool descriptions and input schemas from the server, decides when a tool is relevant, and calls it. Clear descriptions matter more than clever names: they are the only interface Claude sees. If a tool never gets picked, sharpen its description and redeploy; the connector URL stays the same.
The same URL works everywhere
The DenkOps side of this never changes: one URL, hosted OAuth, dynamic client registration, an access list you control. Only the "where do I paste it" step differs per client. Same server, next client: Claude Code, ChatGPT, and OpenAI Codex.