Auth0 OAuth MCP Server

by pratham-svg

Integrations

  • Handles user authentication through Auth0, enabling secure access to protected APIs by requesting user credentials, managing OAuth flows, and handling tokens.

  • Enables deployment of the MCP server to Cloudflare Workers, utilizing KV storage for OAuth tokens and providing environment configurations for secure operation.

Model Context Protocol (MCP) Server

This is a MCP server which will require the user to first authenticate. The MCP server will then be able to call protected APIs on behalf of the user.

Configuration

Todos API

Before you can use the MCP server, you will need to deploy the Todos API as documented here.

Auth0 Configuration

In the Auth0 dashboard, create a new application in the Applications section (type: "Regular Web Application").

Once the application is created, configure the following URL as the callback URL when developing locally:

http://localhost:8788/callback

Set up a KV namespace

  • Create the KV namespace: wrangler kv:namespace create "OAUTH_KV"
  • Update the Wrangler file with the KV ID

Environment Variables

This MCP Server needs a few environment variables to be configured:

SettingDescription
AUTH0_DOMAINThe domain of your Auth0 tenant (e.g., acme.auth0.com)
AUTH0_CLIENT_IDThe Client ID from the Auth0 application you created
AUTH0_CLIENT_SECRETThe Client Secret from the Auth0 application you created
AUTH0_AUDIENCEThe unique identifier for your API which you registered in the Auth0 dashbaord (e.g., urn:todos-api)
AUTH0_SCOPEThe scopes requested by the MCP Server. Here we request basic profile info (openid email profile), refresh token capability (offline_access), and API access (read:todos)
NODE_ENVThe environment setting - use development for local development
API_BASE_URLThe base URL where your Todos API is running

Development

Create a .dev.vars file in the root of the project with the following structure:

AUTH0_DOMAIN=yourdomain.us.auth0.com AUTH0_CLIENT_ID=The Client ID of the application you created in Auth0 AUTH0_CLIENT_SECRET=The Client Secret of the application you created in Auth0 AUTH0_AUDIENCE=urn:todos-api AUTH0_SCOPE=openid email profile offline_access read:todos NODE_ENV=development API_BASE_URL=http://localhost:8789

Testing the MCP Server

To start the MCP server, you can use the following command:

npm run dev

With MCP Inspector you can connect to the MCP server, list the available tools and call them. Make sure to set the transport type to sse and the URL to http://localhost:8788/sse.

Deploying the MCP Server to Cloudflare

To deploy the MCP Server to Cloudflare, you will first need to set the following secrets:

wrangler secret put AUTH0_DOMAIN wrangler secret put AUTH0_CLIENT_ID wrangler secret put AUTH0_CLIENT_SECRET wrangler secret put AUTH0_AUDIENCE wrangler secret put AUTH0_SCOPE wrangler secret put API_BASE_URL

Once the secrets are set, you can deploy the API with the following command:

npm run deploy

In the Auth0 dashboard, also make sure to add a new Callback URL for your deployed MCP server, eg:

https://mcp-auth0-oidc.<your-subdomain>.workers.dev/callback

To test this you can now use the Workers AI LLM Playground. Navigate to https://playground.ai.cloudflare.com/ and connect to your MCP server on the bottom left using the following URL pattern:

https://mcp-auth0-oidc.<your-subdomain>.workers.dev/sse

This will open a popup where you can sign in after which you'll be able to use all of the tools.

Troubleshooting

If you encounter any issues while setting up or using the MCP server, here are some troubleshooting steps:

Check Worker Logs

Visit the Cloudflare Workers Logs in your dashboard

Auth0 Dashboard Logs

  • Navigate to the Logs section in your Auth0 Dashboard
  • Review authentication attempts and failures

Common Issues

  • If authentication fails, verify your Auth0 configuration and secrets
  • For connection issues, ensure your Worker is deployed and the domain is correct
  • Check that all callback URLs are properly configured in Auth0
  • Verify the API_BASE_URL matches your deployed API endpoint
-
security - not tested
F
license - not found
-
quality - not tested

A Model Context Protocol server that requires user authentication via Auth0 before enabling secure API access on behalf of the authenticated user.

  1. Configuration
    1. Todos API
    2. Auth0 Configuration
    3. Set up a KV namespace
  2. Environment Variables
    1. Development
      1. Testing the MCP Server
    2. Deploying the MCP Server to Cloudflare
      1. Troubleshooting

        Related MCP Servers

        • A
          security
          F
          license
          A
          quality
          A Model Context Protocol server implementation for interacting with Salesforce through its REST API.
          Last updated -
          4
          10
          TypeScript
        • -
          security
          A
          license
          -
          quality
          A Model Context Protocol server that enables seamless execution of commands, Python code, web content fetching, and reusable task management with secure credentials handling.
          Last updated -
          2
          Python
          MIT License
          • Apple
        • -
          security
          A
          license
          -
          quality
          A Model Context Protocol server designed for testing backend APIs for security vulnerabilities like authentication bypass, injection attacks, and data leakage.
          Last updated -
          1
          TypeScript
          MIT License
        • A
          security
          F
          license
          A
          quality
          A Model Context Protocol server implementation that provides endpoints for wallet-based authentication, cluster management, and name registration services.
          Last updated -
          TypeScript

        View all related MCP servers

        ID: ltli48vbh2