Install
Connect Cursor, Claude Desktop, or any MCP-compatible client.
The Repackage MCP server is OAuth-protected. Most MCP clients support OAuth out of the box — the first connection opens your browser, you sign in, click Allow, and the client stores the access token. No manual key configuration.
Cursor
Open Cursor Settings → MCP and add:
{
  "mcpServers": {
    "repackage": {
      "url": "https://api.repackage.app/mcp"
    }
  }
}
Cursor will prompt to authenticate on first tool call. Approve in the browser, then ask the agent something like:
get the transcript for https://youtube.com/watch?v=dQw4w9WgXcQ
Claude Desktop
In ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or the equivalent on Windows / Linux:
{
  "mcpServers": {
    "repackage": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-fetch", "https://api.repackage.app/mcp"]
    }
  }
}
Claude Desktop's MCP support continues to evolve. If the snippet above doesn't connect, check the latest official guidance.
Other clients
Anything that speaks Streamable HTTP MCP and supports OAuth 2.1 should work. Point it at https://api.repackage.app/mcp. Discovery:
curl https://api.repackage.app/.well-known/oauth-protected-resource
returns the auth server metadata URL, redirect endpoints, and supported scopes.
OAuth flow
- Your client makes a request to https://api.repackage.app/mcp without a token.
- The server responds 401 with a WWW-Authenticate header pointing at https://api.repackage.app/.well-known/oauth-protected-resource.
- The client fetches that, learns the auth server is at https://app.repackage.app, and either uses dynamic client registration or sends the user through the auth code flow.
- The user signs in (if needed), sees a consent screen, clicks Allow.
- The client exchanges the authorization code for an access token (PKCE-S256).
- The client repeats the original request with Authorization: Bearer <access-token>.
Repackage's OAuth server enforces:
- PKCE with S256 challenge method (S256 only).
- Access tokens valid for 1 hour, refreshable for 30 days.
- Per-scope opaque access tokens (the transcripts:read scope is what unlocks the MCP transcript tools).
Anonymous mode (dev only)
For local hacking against your own deployment, set ALLOW_ANON_MCP=true on the API server to bypass auth (rate-limited by IP). Don't ship this to production — quota and plan checks rely on a valid auth context.
Troubleshooting
- OAuth loop: clear your client's cached MCP credentials and reconnect. The most common cause is a stale access token after a key rotation on the server.
- feature_not_in_plan: your org is on Free and called a Pro tool. Upgrade in the dashboard.
- plan_limit_exceeded: you've hit your monthly transcript count. Resets on the 1st UTC.