
Auth0 MCP Server

Provides tools to manage Auth0 tenants by enabling LLMs to perform management tasks via the Model Context Protocol (MCP).

Installation
Add the following to your MCP client configuration file.

Configuration

{
  "mcpServers": {
    "auth0-auth0-mcp-server": {
      "command": "npx",
      "args": [
        "-y",
        "@auth0/auth0-mcp-server",
        "run"
      ],
      "env": {
        "DEBUG": "auth0-mcp"
      }
    }
  }
}

The Auth0 MCP Server lets large language models and AI agents interact with Auth0 management functions through the Model Context Protocol, enabling natural language queries to perform tasks such as listing apps, creating resources, and reviewing logs. You gain hands-on control over your Auth0 tenant with safe, configurable tool access that you tailor to your needs.

How to use

You connect an MCP client (for example Claude Desktop, Windsurf, Cursor, or a custom client) to the Auth0 MCP Server. Start the server with a chosen set of tools to limit what the AI can do, then prompt the client with natural language requests like creating an application, listing resource servers, or viewing logs. The server handles authentication with the Auth0 Management API and returns structured results that your client can present or act upon.

To begin, authenticate to your Auth0 tenant during setup. The server uses OAuth 2.0 device authorization flow, and credentials are stored securely in your system keychain. You can review or adjust which tools are available at startup, and you can enable read-only operation when you want to supervise actions. Use the session and logout commands to manage your active session as needed.

How to install

Prerequisites: Node.js v18 or higher and a compatible MCP Client. Ensure you have an Auth0 account with appropriate permissions.

Install the Auth0 MCP Server and configure it to work with your MCP Client. You can choose tools at startup, or enable all tools if you need full access.

# Initialize with all tools
npx @auth0/auth0-mcp-server init

# Initialize with read-only tools
npx @auth0/auth0-mcp-server init --read-only

# Initialize with explicit tool patterns
npx @auth0/auth0-mcp-server init --tools 'auth0_list_*,auth0_get_*'

# Initialize for a specific client (example: windsurf)
npx @auth0/auth0-mcp-server init --client windsurf

# Initialize for a specific client (example: vscode)
npx @auth0/auth0-mcp-server init --client vscode

Security and configuration

Control tool access with startup flags to follow the principle of least privilege. You can enable only read-only operations, limit access to tools that match certain patterns, or allow all tools for full access. When the read-only flag is combined with a tools pattern, the read-only flag takes priority, ensuring a secure baseline.

# Enable only read-only operations
npx @auth0/auth0-mcp-server run --read-only

# Enable only read-only application tools
npx @auth0/auth0-mcp-server run --tools 'auth0_*_application*' --read-only

# Allow all tools
npx @auth0/auth0-mcp-server run --tools '*'
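
The following is an added example, not code from the Auth0 MCP Server project: it models the flag behaviour described above so you can preview which of the tools listed on this page an "args" array from an mcpServers entry would expose. The helper names, the '*' wildcard semantics, the list/get definition of read-only, and treating a missing --tools flag as '*' are assumptions.

```javascript
// Added illustration: models the documented flag behaviour; not the server's own code.
// Tool names are the ones listed under "Available tools" on this page.
const TOOLS = [
  "auth0_list_applications", "auth0_get_application",
  "auth0_create_application", "auth0_update_application",
  "auth0_list_resource_servers", "auth0_get_resource_server",
  "auth0_create_resource_server", "auth0_update_resource_server",
  "auth0_create_application_grant",
  "auth0_list_actions", "auth0_get_action", "auth0_create_action",
  "auth0_update_action", "auth0_deploy_action",
  "auth0_list_logs", "auth0_get_log",
  "auth0_list_forms", "auth0_get_form", "auth0_create_form",
  "auth0_update_form", "auth0_publish_form",
];

// Assumption: a tool counts as read-only when its verb is "list" or "get".
const isReadOnly = (name) => /^auth0_(list|get)_/.test(name);

// Assumption: '*' is the only wildcard and matches any run of characters.
function globToRegExp(pattern) {
  const escaped = pattern.split("*").map((s) => s.replace(/[.+?^${}()|[\]\\]/g, "\\$&"));
  return new RegExp("^" + escaped.join(".*") + "$");
}

// args: the "args" array of an mcpServers entry (hypothetical helper).
function effectiveTools(args) {
  const i = args.indexOf("--tools");
  // Assumption: no --tools flag is treated like '*'.
  const raw = i >= 0 && args[i + 1] ? args[i + 1] : "*";
  const regexes = raw.split(",").map((p) => p.trim()).filter(Boolean).map(globToRegExp);
  let selected = TOOLS.filter((t) => regexes.some((r) => r.test(t)));
  // --read-only takes priority over the pattern, as stated above.
  if (args.includes("--read-only")) selected = selected.filter(isReadOnly);
  return selected;
}

// Tools that can change the tenant under a given argument list.
const writeTools = (args) => effectiveTools(args).filter((t) => !isReadOnly(t));

// The configuration shown at the top of this page, checked as a sample input.
console.log(writeTools(["-y", "@auth0/auth0-mcp-server", "run"]));
```

Under these assumptions the pattern 'auth0_*_application*' on its own also selects auth0_create_application_grant, which is why pairing a broad pattern with --read-only matters.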

Authentication and session management

During initial setup, you run the device authorization flow to authenticate to your Auth0 tenant. You may also configure client credentials for private cloud tenants. You can check your current session and log out securely when finished to remove tokens from your keychain.

To start or verify a session, use the following commands.

# Start device authorization flow
npx @auth0/auth0-mcp-server init

# Check current session
npx @auth0/auth0-mcp-server session

# Logout and remove tokens
npx @auth0/auth0-mcp-server logout

Troubleshooting

If you encounter issues, enable debug logs to diagnose problems, verify your token status, and reinitialize with appropriate scopes. Common issues include authentication failures, connectivity between the client and server, and permission errors.

# Enable debug logs for troubleshooting
export DEBUG=auth0-mcp

# Check your session status
npx @auth0/auth0-mcp-server session

# Reinitialize with broader scopes if needed
npx @auth0/auth0-mcp-server init --scopes 'read:*,update:*,create:*'

Additional notes

For other MCP clients, you can manually configure the client with a similar mcpServers entry and restart to apply changes. The configuration example demonstrates how to reference the server through a local npx invocation along with environment settings.

Anonymized analytics may be collected to improve the tool. You can opt out by setting a specific environment variable.

Available tools

auth0_list_applications

List all applications in the Auth0 tenant or search by name

auth0_get_application

Get details about a specific Auth0 application

auth0_create_application

Create a new Auth0 application

auth0_update_application

Update an existing Auth0 application

auth0_list_resource_servers

List all resource servers (APIs) in the Auth0 tenant

auth0_get_resource_server

Get details about a specific Auth0 resource server

auth0_create_resource_server

Create a new Auth0 resource server (API)

auth0_update_resource_server

Update an existing Auth0 resource server

auth0_create_application_grant

Create a client grant that authorizes an Auth0 application to access a specific API with defined scopes

auth0_list_actions

List all actions in the Auth0 tenant

auth0_get_action

Get details about a specific Auth0 action

auth0_create_action

Create a new Auth0 action

auth0_update_action

Update an existing Auth0 action

auth0_deploy_action

Deploy an Auth0 action

auth0_list_logs

List logs from the Auth0 tenant

auth0_get_log

Get a specific log entry by ID

auth0_list_forms

List all forms in the Auth0 tenant

auth0_get_form

Get details about a specific Auth0 form

auth0_create_form

Create a new Auth0 form

auth0_update_form

Update an existing Auth0 form

auth0_publish_form

Publish an Auth0 form