enterprise-auth-mcp-server
Provides JWT validation, OIDC claims verification, token introspection, and role/permission extraction for Auth0 tokens.
Provides JWT validation, OIDC claims verification, and token introspection for Google Identity tokens.
Provides JWT validation, OIDC claims verification, token introspection, and role/permission extraction for Keycloak tokens.
Provides JWT validation, OIDC claims verification, token introspection, and role/permission extraction for Okta tokens.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type @ followed by the MCP server name and your instructions, e.g., "@enterprise-auth-mcp-server check if this JWT token has the admin role"
That's it! The server will respond to your query, and you can continue using it as needed.
MCP server for enterprise authentication and authorization — JWT validation, OIDC token inspection, OAuth 2.0 introspection, and role-based access control for AI agents.
Features
JWT Decode — Inspect token header, payload, and metadata without signature verification
JWT Validate — Validate signature, expiry, audience, and issuer
Permission Check — Verify if a token has required OAuth scopes and roles
User Roles — Extract user identity, roles, and groups (supports Keycloak, Azure AD, Auth0, Okta)
OAuth Introspection — RFC 7662 token introspection (remote endpoint or local fallback)
OIDC Claims Verify — OpenID Connect Core 1.0 claims validation
Token Scope List — List all scopes, roles, and permissions with provider auto-detection
OIDC Discovery — Fetch provider endpoints from /.well-known/openid-configuration
Installation
    pip install enterprise-auth-mcp-server

Claude Desktop Configuration
Add to claude_desktop_config.json:
    {
      "mcpServers": {
        "enterprise-auth": {
          "command": "enterprise-auth-mcp-server"
        }
      }
    }

Tools
Tool | Description |
| Decode JWT without signature verification |
| Validate JWT signature, expiry, audience, issuer |
| Check if token has required scopes/roles |
| Extract user identity and roles from token |
| OAuth 2.0 RFC 7662 token introspection |
| Validate OIDC Core 1.0 required claims |
| List all scopes and permissions with provider detection |
| Fetch OIDC provider discovery document |
Usage Examples
Decode a JWT token
    decode_jwt(token="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...")

Validate a JWT with secret

    validate_jwt(token="...", secret="my-secret", algorithms="HS256", audience="my-app")

Check if user has admin role

    check_permissions(token="...", required_roles="admin,manager")

Verify OIDC claims

    verify_oidc_claims(token="...", expected_issuer="https://accounts.google.com", expected_audience="my-client-id")

Get OIDC provider endpoints

    get_oidc_discovery(issuer_url="https://accounts.google.com")

Supported Identity Providers
Azure AD / Microsoft Entra ID — Azure roles, app roles, directory roles (wids)
Okta — Groups, custom claims
Auth0 — Permissions, roles via Management API conventions
Keycloak — realm_access, resource_access
Google Identity — Standard OIDC claims
Any OIDC-compliant provider — Standards-based JWT/OIDC support
Use Cases
Enterprise MCP Deployments — Validate agent identity before granting tool access
Zero Trust Architecture — Verify every request has valid, unexpired credentials
API Gateway Integration — Check OAuth scopes for fine-grained authorization
Audit & Compliance — Extract and log user identity from authentication tokens
SSO Integration — Verify tokens from any OIDC-compliant identity provider
License
MIT License — see LICENSE for details.
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/AiAgentKarl/enterprise-auth-mcp-server'