home / mcp / asgardeo mcp server
Provides tooling to manage Asgardeo organizations and WSO2 Identity Server deployments via MCP-enabled actions and natural language prompts.
Configuration
View docs{
"mcpServers": {
"asgardeo-asgardeo-mcp-server": {
"command": "<absolute path to the asgardeo-mcp executable, e.g., /Users/<user directory>/<repository path>/asgardeo-mcp-server/asgardeo-mcp>",
"args": [],
"env": {
"BASE_URL": "https://api.asgardeo.io/t/<asgardeo organization>",
"CLIENT_ID": "<client ID>",
"CLIENT_SECRET": "<client secret>"
}
}
}
}The Asgardeo MCP Server lets you manage your Asgardeo organization or WSO2 Identity Server deployment through natural language interfaces. You can perform configuration tasks, create and manage applications, and tailor login flows using MCP-enabled tools, all from a single, extensible server.
You interact with the Asgardeo MCP Server through an MCP client. Start the server locally, connect your MCP client (such as an editor plugin or desktop assistant), and use the available management actions and API resource tools to configure your organization. Typical workflows include listing applications, creating new applications (SPA, web, mobile, or M2M), retrieving detailed information about specific applications, and updating login flows using natural language prompts.
Prerequisites: Go 1.18 or newer must be installed on your machine.
Clone the MCP server repository, tidy dependencies, and build the executable.
git clone https://github.com/asgardeo/asgardeo-mcp-server.git
```
```bash
cd asgardeo-mcp-server
```
```bash
go mod tidy
```
```bash
go build -o asgardeo-mcpTo connect your MCP client, you need the server executable and credentials for your Asgardeo organization. The client will use a base URL, a client ID, and a client secret to authenticate against the Asgardeo APIs.
Prepare a local MCP client configuration by providing these environment variables to the MCP server workflow.
If you are using WSO2 Identity Server, you will need an additional environment variable named PRODUCT_MODE set to wso2is. You should also set BASE_URL to your WSO2 Identity Server base URL. If you operate in local development or internal networks, you may need to set a CA certificate path to avoid SSL issues by using CERT_PATH.
Typical client setups pass the following environment variables to the MCP server:BASE_URL, CLIENT_ID, and CLIENT_SECRET. These values are used by the MCP client to obtain access tokens and call the management APIs.
Common issues include invalid credentials or missing scopes on the M2M application, build or dependency problems, and incorrect MCP executable paths. Verify that the BASE_URL, CLIENT_ID, and CLIENT_SECRET are correct, ensure the M2M application has the required scopes, and confirm the MCP executable path has execute permissions.
Keep client credentials secure. Do not commit BASE_URL, CLIENT_ID, or CLIENT_SECRET to version control. Use per-environment configurations and rotate credentials as part of your security hygiene.
Lists all applications in your organization
Creates a new Single Page Application with a specified name and redirect URL
Creates a new web application with server-side rendering and a redirect URL
Creates a new Mobile Application with a redirect URL
Creates a new Machine-to-Machine Application with a given name
Retrieves application details by its name
Retrieves application details by its client ID
Updates basic information of an application by ID with optional fields like name and description
Updates OAuth/OIDC configurations of an application by ID
Updates claim configurations for an application by ID
Authorizes an application to access a specific API resource with a given policy and scopes
Lists API resources authorized for an application by app ID
Updates the login flow of an application based on a natural language prompt
Lists API resources in your organization
Searches for API resources by name
Gets an API resource by its identifier
Creates a new API resource with identifier, name, and scopes
Creates a user in your organization
Lists claims in your organization