Auth0 MCP Server

Auth0 MCP server enables AI models to interact with Auth0 identity and access management platform, providing capabilities for managing applications, users, roles, and authentication flows.

GitHub starsnpm version

Overview

The Auth0 MCP Server is an official Model Context Protocol server that enables AI assistants to interact with Auth0's identity and access management platform. It provides secure access to Auth0 Management API functionality through natural language, allowing you to manage applications, APIs, actions, logs, and forms.

Official Server:

Developed and maintained by Auth0

Key Features

🔐

Secure Authentication

OAuth 2.0 Device Authorization Flow with credentials stored in system keychain

🛠️

20+ Management Tools

Comprehensive API access for applications, resource servers, actions, logs, and forms

🔒

Least Privilege Access

Read-only mode and configurable tool limiting with glob patterns

🌐

Multi-Client Support

Works with Claude Desktop, Windsurf, Cursor, VS Code, and other MCP clients

Available Tools

Quick Reference

ToolPurposeCategory
list_applicationsList all Auth0 applicationsApplications
get_applicationGet details of a specific applicationApplications
create_applicationCreate a new Auth0 applicationApplications
update_applicationUpdate an existing applicationApplications
list_resource_serversList all API resource serversResource Servers
get_resource_serverGet details of a specific APIResource Servers
create_resource_serverCreate a new API resource serverResource Servers
update_resource_serverUpdate an existing APIResource Servers
list_actionsList all Auth0 ActionsActions
get_actionGet details of a specific ActionActions
create_actionCreate a new ActionActions
update_actionUpdate an existing ActionActions
deploy_actionDeploy an Action to productionActions
list_logsQuery Auth0 tenant logsLogs
get_logGet details of a specific log entryLogs
list_formsList all Auth0 FormsForms
get_formGet details of a specific formForms
create_formCreate a new formForms
update_formUpdate an existing formForms
publish_formPublish a formForms

Detailed Usage

list_applications

List all applications in your Auth0 tenant with optional filtering and pagination.

use_mcp_tool({
  server_name: "auth0",
  tool_name: "list_applications",
  arguments: {
    per_page: 50,
    page: 0
  }
});

Returns application names, client IDs, types, and configuration details.

create_application

Create a new Auth0 application with specified type and configuration.

use_mcp_tool({
  server_name: "auth0",
  tool_name: "create_application",
  arguments: {
    name: "My SPA Application",
    app_type: "spa",
    callbacks: ["http://localhost:3000/callback"],
    allowed_origins: ["http://localhost:3000"]
  }
});

Supports SPA, regular web app, native, and M2M application types.

list_resource_servers

List all API resource servers (APIs) configured in your Auth0 tenant.

use_mcp_tool({
  server_name: "auth0",
  tool_name: "list_resource_servers",
  arguments: {}
});

Returns API identifiers, names, scopes, and token configuration.

create_resource_server

Create a new API resource server with scopes and permissions.

use_mcp_tool({
  server_name: "auth0",
  tool_name: "create_resource_server",
  arguments: {
    name: "My API",
    identifier: "https://api.example.com",
    scopes: [
      { value: "read:data", description: "Read data" },
      { value: "write:data", description: "Write data" }
    ]
  }
});

Define API scopes, token lifetime, and signing algorithms.

list_actions

List all Auth0 Actions that customize authentication flows.

use_mcp_tool({
  server_name: "auth0",
  tool_name: "list_actions",
  arguments: {
    triggerId: "post-login"
  }
});

Filter by trigger type: post-login, pre-user-registration, post-change-password, etc.

create_action

Create a new Auth0 Action with custom Node.js code.

use_mcp_tool({
  server_name: "auth0",
  tool_name: "create_action",
  arguments: {
    name: "Add Custom Claims",
    trigger_id: "post-login",
    code: `exports.onExecutePostLogin = async (event, api) => {
      api.idToken.setCustomClaim('role', 'admin');
    };`
  }
});

Extend authentication with custom logic, API calls, and data enrichment.

deploy_action

Deploy an Action to production, making it available in authentication flows.

use_mcp_tool({
  server_name: "auth0",
  tool_name: "deploy_action",
  arguments: {
    action_id: "act_abc123"
  }
});

Creates a new immutable version and activates it.

list_logs

Query Auth0 tenant logs for authentication events, errors, and activities.

use_mcp_tool({
  server_name: "auth0",
  tool_name: "list_logs",
  arguments: {
    q: "type:f",
    per_page: 100
  }
});

Filter by log type, user, date range. Type 'f' = failed login, 's' = success, 'w' = warning.

list_forms

List all Auth0 Forms for customizing login, signup, and consent screens.

use_mcp_tool({
  server_name: "auth0",
  tool_name: "list_forms",
  arguments: {}
});

Returns form configurations, custom fields, and styling options.

create_form

Create a custom form for authentication flows.

use_mcp_tool({
  server_name: "auth0",
  tool_name: "create_form",
  arguments: {
    name: "Custom Signup Form",
    nodes: [
      {
        type: "input",
        config: {
          label: "Company Name",
          name: "company",
          required: true
        }
      }
    ]
  }
});

Add custom fields, validation rules, and conditional logic.

Installation

Prerequisites

  1. Node.js 18+ installed
  2. An Auth0 account with an M2M application
  3. Auth0 Management API access

Configuration

Run the initialization command to authenticate:

npx @auth0/mcp-server init

This will:

  1. Prompt for your Auth0 domain
  2. Open your browser for OAuth authentication
  3. Store credentials securely in system keychain
  4. Add configuration to Claude Desktop config

The config will be automatically added to ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "auth0": {
      "command": "npx",
      "args": ["-y", "@auth0/mcp-server"]
    }
  }
}

Read-Only Mode

For safer operations, enable read-only mode:

{
  "mcpServers": {
    "auth0": {
      "command": "npx",
      "args": ["-y", "@auth0/mcp-server", "--readonly"]
    }
  }
}

Tool Limiting

Restrict access to specific tools using glob patterns:

{
  "mcpServers": {
    "auth0": {
      "command": "npx",
      "args": [
        "-y",
        "@auth0/mcp-server",
        "--limit-tools",
        "list_*,get_*"
      ]
    }
  }
}

Security Features

OAuth 2.0 Device Authorization Flow

The Auth0 MCP server uses OAuth 2.0 Device Authorization Flow for secure authentication:

  1. Run npx @auth0/mcp-server init
  2. Browser opens with authentication prompt
  3. Grant necessary permissions to the MCP application
  4. Credentials stored in system keychain (never in config files)

Least Privilege Access

Control what AI can access through configuration:

  • Read-only mode: Prevent any write operations
  • Tool limiting: Allow only specific tools (e.g., list_* for read operations)
  • Glob patterns: Use wildcards to define tool access (e.g., get_*, list_applications)

Credential Management

  • Credentials stored in system keychain (macOS Keychain, Windows Credential Manager, Linux Secret Service)
  • No API keys or tokens in configuration files
  • Automatic token refresh handled by server
  • Revoke access anytime through Auth0 dashboard

Common Use Cases

Application Management

Create and configure Auth0 applications:

"Create a new SPA application called 'Marketing Dashboard' with callback URL https://marketing.example.com/callback"

API Configuration

Set up API resource servers:

"Create an API called 'Orders API' with identifier https://api.example.com/orders and scopes read:orders and write:orders"

Custom Authentication Logic

Build and deploy Actions:

"Create a post-login Action that adds a 'department' claim to the ID token based on the user's email domain"

Security Monitoring

Query and analyze logs:

"Show me all failed login attempts in the last hour"

User Experience Customization

Manage authentication forms:

"Create a signup form that collects company name and department during registration"

Troubleshooting

Authentication Issues

Problem: "Failed to authenticate with Auth0"

Solution:

  1. Verify your Auth0 domain is correct
  2. Re-run npx @auth0/mcp-server init
  3. Check Auth0 M2M application has Management API access
  4. Ensure required scopes are granted (read:applications, create:applications, etc.)

Permission Errors

Problem: "Insufficient permissions to perform action"

Solution:

  1. Check your Auth0 M2M application has necessary Management API scopes
  2. In Auth0 Dashboard: Applications → MCP Application → APIs → Auth0 Management API
  3. Grant required scopes for the tools you need to use

Tool Not Available

Problem: "Tool not found or disabled"

Solution:

  1. Check if you're using --limit-tools flag
  2. Verify the tool name matches exactly (case-sensitive)
  3. Remove read-only mode if you need write operations
  4. Restart MCP client after config changes

Connection Timeout

Problem: "Connection to Auth0 timed out"

Solution:

  1. Check internet connectivity
  2. Verify Auth0 domain is accessible
  3. Check firewall/proxy settings
  4. Try re-authenticating with npx @auth0/mcp-server init

Beta Status:

Auth0 MCP Server is in beta. Features and API may change.

Sources

Related Articles

ConsoleSpy MCP Server

ConsoleSpy MCP servers enable AI models to interact with browser console logs, providing capabilities for real-time debugging, error monitoring, and application analysis.

Flutter MCP Server

Flutter MCP servers enable AI models to interact with Flutter projects, providing capabilities for code analysis, formatting, testing, and documentation retrieval.

Search and Retrieval MCP Servers

The Search & Retrieval category provides integration with search engines and information retrieval systems, enabling efficient content discovery and data retrieval across different sources.