MCP (Model Context Protocol) is an open protocol introduced by Anthropic that standardizes how large language models communicate with external tools, resources or remote services.
Beta Feature Notice: This feature is currently in Beta. Please use with caution when calling tools, as functionality may be unstable or subject to change.
The Auth0 MCP Server integrates with LLMs and AI agents, allowing you to perform various Auth0 management operations using natural language. For instance, you could simply ask Claude to perform Auth0 management operations:
- Create a new Auth0 app and get the domain and client ID
- Create and deploy a new Auth0 action to generate a JWT token
- Could you check Auth0 logs for logins from 192.108.92.3 IP address?
Prerequisites:
Install Auth0 MCP Server and configure it to work with your preferred MCP client. The --tools parameter specifies which tools should be available (defaults to * if not provided).
Claude Desktop with all tools
npx @auth0/auth0-mcp-server init
Claude Desktop with read-only tools
npx @auth0/auth0-mcp-server init --tools 'auth0_list_*,auth0_get_*'
Windsurf
npx @auth0/auth0-mcp-server init --client windsurf
Cursor
npx @auth0/auth0-mcp-server init --client cursor
With limited tools access
npx @auth0/auth0-mcp-server init --client cursor --tools 'auth0_list_applications,auth0_get_application'
Other MCP Clients
To use Auth0 MCP Server with any other MCP Client, you can manually add this configuration to the client and restart for changes to take effect:
```json
{
  "mcpServers": {
    "auth0": {
      "command": "npx",
      "args": ["-y", "@auth0/auth0-mcp-server", "run"],
      "capabilities": ["tools"],
      "env": {
        "DEBUG": "auth0-mcp"
      }
    }
  }
}
```
You can add --tools '<pattern>' to the args array to control which tools are available. See Security Best Practices for recommended patterns.
Your browser will automatically open to initiate the OAuth 2.0 device authorization flow. Log into your Auth0 account and grant the requested permissions.
[!NOTE] Credentials are securely stored in your system's keychain. You can optionally verify storage through your keychain management tool. Check out Authentication for more info.
Restart your MCP Client (Claude, Windsurf, Cursor, etc.) and ask it to help you manage your Auth0 tenant.
The Auth0 MCP Server provides the following tools for Claude to interact with your Auth0 tenant:

| Tool | Description | Usage Examples |
| --- | --- | --- |
| auth0_list_applications | List all applications in the Auth0 tenant or search by name | Show me all my Auth0 applications<br>Find applications with 'api' in their name<br>What applications do I have in my Auth0 tenant? |
| auth0_get_application | Get details about a specific Auth0 application | Show me details for the application called 'Customer Portal'<br>Get information about my application with client ID abc123<br>What are the callback URLs for my 'Mobile App'? |
| auth0_create_application | Create a new Auth0 application | Create a new single-page application called 'Analytics Dashboard'<br>Set up a new native mobile app called 'iOS Client'<br>Create a machine-to-machine application for our background service |
| auth0_update_application | Update an existing Auth0 application | Update the callback URLs for my 'Web App' to include https://staging.example.com/callback<br>Change the logout URL for the 'Customer Portal'<br>Add development environment metadata to my 'Admin Dashboard' application |

| Tool | Description | Usage Examples |
| --- | --- | --- |
| auth0_list_resource_servers | List all resource servers (APIs) in the Auth0 tenant | Show me all the APIs in my Auth0 tenant<br>List my resource servers<br>What APIs have I configured in Auth0? |
| auth0_get_resource_server | Get details about a specific Auth0 resource server | Show me details for the 'User API'<br>What scopes are defined for my 'Payment API'?<br>Get information about the resource server with identifier https://api.example.com |
| auth0_create_resource_server | Create a new Auth0 resource server (API) | Create a new API called 'Inventory API' with read and write scopes<br>Set up a resource server for our customer data API<br>Create an API with the identifier https://orders.example.com |
| auth0_update_resource_server | Update an existing Auth0 resource server | Add an 'admin' scope to the 'User API'<br>Update the token lifetime for my 'Payment API' to 1 hour<br>Change the signing algorithm for my API to RS256 |

| Tool | Description | Usage Examples |
| --- | --- | --- |
| auth0_list_actions | List all actions in the Auth0 tenant | Show me all my Auth0 actions<br>What actions do I have configured?<br>List the actions in my tenant |
| auth0_get_action | Get details about a specific Auth0 action | Show me the code for my 'Enrich User Profile' action<br>Get details about my login flow action<br>What does my 'Add Custom Claims' action do? |
| auth0_create_action | Create a new Auth0 action | Create an action that adds user roles to tokens<br>Set up an action to log failed login attempts<br>Create a post-login action that checks user location |
| auth0_update_action | Update an existing Auth0 action | Update my 'Add Custom Claims' action to include department information<br>Modify the IP filtering logic in my security action<br>Fix the bug in my user enrichment action |
| auth0_deploy_action | Deploy an Auth0 action | Deploy my 'Add Custom Claims' action to production<br>Make my new security action live<br>Deploy the updated user enrichment action |

| Tool | Description | Usage Examples |
| --- | --- | --- |
| auth0_list_logs | List logs from the Auth0 tenant | Show me recent login attempts<br>Find failed logins from the past 24 hours<br>Get authentication logs from yesterday<br>Show me successful logins for user john@example.com |
| auth0_get_log | Get a specific log entry by ID | Show me details for log entry abc123<br>Get more information about this failed login attempt<br>What caused this authentication error? |

| Tool | Description | Usage Examples |
| --- | --- | --- |
| auth0_list_forms | List all forms in the Auth0 tenant | Show me all my Auth0 forms<br>What login forms do I have configured?<br>List the custom forms in my tenant |
| auth0_get_form | Get details about a specific Auth0 form | Show me the details of my 'Corporate Login' form<br>What does my password reset form look like?<br>Get the configuration for my signup form |
| auth0_create_form | Create a new Auth0 form | Create a new login form with our company branding<br>Set up a custom signup form that collects department information<br>Create a password reset form with our logo |
| auth0_update_form | Update an existing Auth0 form | Update the colors on our login form to match our new brand guidelines<br>Add a privacy policy link to our signup form<br>Change the logo on our password reset form |
| auth0_publish_form | Publish an Auth0 form | Publish my updated login form<br>Make the new signup form live<br>Deploy the password reset form to production |

Security Best Practices for Tool Access
When configuring the Auth0 MCP Server, it's important to follow security best practices by limiting tool access based on your specific needs. The server provides flexible configuration options that let you control which tools AI assistants can access.
You can easily restrict tool access using the --tools flag when starting the server:
```bash
# Enable only read-only operations
npx @auth0/auth0-mcp-server run --tools 'auth0_list_*,auth0_get_*'

# Limit to just application-related tools
npx @auth0/auth0-mcp-server run --tools 'auth0_*_application*'

# Restrict to only log viewing capabilities
npx @auth0/auth0-mcp-server run --tools 'auth0_list_logs,auth0_get_log'

# Run the server with all tools enabled
npx @auth0/auth0-mcp-server run --tools '*'
```
This approach offers several important benefits:
Enhanced Security: By limiting available tools to only what's needed, you reduce the potential attack surface and prevent unintended modifications to your Auth0 tenant.
Better Performance: Providing fewer tools to AI assistants actually improves performance. When models have access to many tools, they use more of their context window to reason about which tools to use. With a focused set of tools, you'll get faster and more relevant responses.
Resource-Based Access Control: You can configure different instances of the MCP server with different tool sets based on specific needs - development environments might need full access, while production environments could be limited to read operations only.
Simplified Auditing: With limited tools, it's easier to track which operations were performed through the AI assistant.
For most use cases, start with the minimum set of tools needed and add more only when required. This follows the principle of least privilege - a fundamental security best practice.
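As an added illustration (not code from the Auth0 project), this Node.js script audits MCP client config entries and reports which of the tools listed on this page a given --tools pattern would expose, and which of those can modify the tenant. It assumes `*` matches any run of characters, that `--tools` and its pattern are separate entries in the args array, and that only auth0_list_* and auth0_get_* tools are read-only; the entry names auth0-default, auth0-readonly and auth0-apps are constructed.

```javascript
// Tool names as listed on this page.
const TOOLS = [
  "auth0_list_applications", "auth0_get_application",
  "auth0_create_application", "auth0_update_application",
  "auth0_list_resource_servers", "auth0_get_resource_server",
  "auth0_create_resource_server", "auth0_update_resource_server",
  "auth0_list_actions", "auth0_get_action", "auth0_create_action",
  "auth0_update_action", "auth0_deploy_action",
  "auth0_list_logs", "auth0_get_log", "auth0_list_forms", "auth0_get_form",
  "auth0_create_form", "auth0_update_form", "auth0_publish_form",
];

// Assumption: '*' matches any run of characters; everything else is literal.
function globToRegExp(glob) {
  const escaped = glob.trim().split("*")
    .map((part) => part.replace(/[.+?^${}()|[\]\\]/g, "\\$&"));
  return new RegExp("^" + escaped.join(".*") + "$");
}

// Read the --tools value from an "args" array (assumed to be two separate
// entries). The page states the default is '*' when the flag is absent.
function toolsPattern(args) {
  const i = args.indexOf("--tools");
  return i >= 0 && i + 1 < args.length ? args[i + 1] : "*";
}

// Return the tools one config entry exposes and the subset that can write.
function auditServer(server) {
  const globs = toolsPattern(server.args || []).split(",").map(globToRegExp);
  const enabled = TOOLS.filter((t) => globs.some((re) => re.test(t)));
  const isReadOnly = (t) => /^auth0_(list|get)_/.test(t);
  return { enabled, mutating: enabled.filter((t) => !isReadOnly(t)) };
}

// Constructed sample config in the shape shown on this page.
const sampleConfig = JSON.parse(`{ "mcpServers": {
  "auth0-default": { "command": "npx",
    "args": ["-y", "@auth0/auth0-mcp-server", "run"] },
  "auth0-readonly": { "command": "npx",
    "args": ["-y", "@auth0/auth0-mcp-server", "run",
             "--tools", "auth0_list_*,auth0_get_*"] },
  "auth0-apps": { "command": "npx",
    "args": ["-y", "@auth0/auth0-mcp-server", "run",
             "--tools", "auth0_*_application*"] } } }`);

for (const [name, server] of Object.entries(sampleConfig.mcpServers)) {
  const { enabled, mutating } = auditServer(server);
  console.log(`${name}: ${enabled.length} tools; mutating: ${mutating.join(", ") || "none"}`);
}
```

An entry with no --tools flag exposes every create, update, deploy and publish tool, and the application-only pattern still includes two write tools.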
The Auth0 MCP Server implements the Model Context Protocol, allowing Claude to:
The server handles authentication, request validation, and secure communication with the Auth0 Management API.
[!NOTE] The server operates as a local process that connects to Claude Desktop, enabling secure communication without exposing your Auth0 credentials.
The Auth0 MCP Server uses the Auth0 Management API and requires authentication to access your Auth0 tenant.
To authenticate the MCP Server:
npx @auth0/auth0-mcp-server init
This will start the device authorization flow, allowing you to log in to your Auth0 account and select the tenant you want to use.
[!IMPORTANT] The init command needs to be run whenever:
- You're setting up the MCP Server for the first time
- You've logged out from a previous session
- You want to switch to a different tenant
- Your token has expired
To see information about your current authentication session:
npx @auth0/auth0-mcp-server session
For security best practices, always use the logout command when you're done with a session:
npx @auth0/auth0-mcp-server logout
This ensures your authentication tokens are properly removed from the system keychain.
The server uses OAuth 2.0 device authorization flow for secure authentication with Auth0. Your credentials are stored securely in your system's keychain and are never exposed in plain text.
When encountering issues with the Auth0 MCP Server, several troubleshooting options are available to help diagnose and resolve problems.
Start troubleshooting by exploring all available commands and options:
npx @auth0/auth0-mcp-server help
export DEBUG=auth0-mcp
[!TIP] Debug mode is particularly useful when troubleshooting connection or authentication issues.
The server provides an interactive scope selection interface during initialization:
Interactive Selection: Navigate with arrow keys and toggle selections with spacebar
No Default Scopes: By default, no scopes are selected for maximum security
Glob Pattern Support: Quickly select multiple related scopes with patterns:
```bash
# Select all read scopes
npx @auth0/auth0-mcp-server init --scopes 'read:*'

# Select multiple scope patterns (comma-separated)
npx @auth0/auth0-mcp-server init --scopes 'read:*,create:clients,update:actions'
```
[!NOTE] Selected scopes determine what operations the MCP server can perform on your Auth0 tenant.
To use Auth0 MCP Server with any other MCP Client, you can add this configuration to the client and restart for changes to take effect:
```json
{
  "mcpServers": {
    "auth0": {
      "command": "npx",
      "args": ["-y", "@auth0/auth0-mcp-server", "run"],
      "capabilities": ["tools"],
      "env": {
        "DEBUG": "auth0-mcp"
      }
    }
  }
}
```
[!NOTE] You can manually update if needed or if any unexpected errors occur during the npx init command.
Authentication Failures
npx @auth0/auth0-mcp-server init
Claude Can't Connect to the Server
ps aux | grep auth0-mcp
API Errors or Permission Issues
export DEBUG=auth0-mcp
npx @auth0/auth0-mcp-server init --scopes 'read:*,update:*,create:*'
[!TIP] Most connection issues can be resolved by restarting both the server and Claude Desktop.
Enable debug mode to view detailed logs:
Get detailed MCP Client logs from Claude Desktop:
```bash
# Follow logs in real-time
tail -n 20 -F ~/Library/Logs/Claude/mcp*.log
```
For advanced troubleshooting, use the MCP Inspector:
npx @modelcontextprotocol/inspector -e DEBUG='auth0-mcp' @auth0/auth0-mcp-server run
For detailed MCP Server logs, run the server in debug mode:
DEBUG=auth0-mcp npx @auth0/auth0-mcp-server run
```bash
# Clone the repository
git clone https://github.com/auth0/auth0-mcp-server.git
cd auth0-mcp-server

# Install dependencies
npm install

# Build the project
npm run build

# Initiate device auth flow
npx . init

# Configure your MCP client (Claude Desktop) with MCP server path
npm run local-setup

# Restart MCP client, in this case claude desktop app
```
[!NOTE] This server requires Node.js v18 or higher.
The Auth0 MCP Server prioritizes security:
read:*
)logout
command when no longer needed
[!IMPORTANT] For security best practices, always use npx @auth0/auth0-mcp-server logout when you're done with a session or switching between tenants. This ensures your authentication tokens are properly removed from the system keychain.
[!CAUTION] Always review the permissions requested during the authentication process to ensure they align with your security requirements.
Anonymized Analytics Disclosure
Anonymized data points are collected during the use of this MCP server. This data includes the MCP version, operating system, timestamp, and other technical details that do not personally identify you.
Auth0 uses this data to better understand the usage of this tool to prioritize the features, enhancements and fixes that matter most to our users.
To opt out of this collection, set the AUTH0_MCP_ANALYTICS environment variable to false.
We appreciate feedback and contributions to this project! Before you get started, please see:
To provide feedback or report a bug, please raise an issue on our issue tracker.
Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
This project is licensed under the MIT license. See the LICENSE file for more info.
Auth0 is an easy-to-implement, adaptable authentication and authorization platform. To learn more, check out Why Auth0?