Auth0 MCP Server
MCP server for Auth0 Management API — create and manage applications, resource servers, actions, forms, logs, and client grants via natural language
Score Breakdown
Server Info
- Package
- @auth0/auth0-mcp-server
- Registry
- npm
- Repository
- auth0/auth0-mcp-server
- Maintainer
- Auth0Vendor
- Category
- Identity & Auth
- Tags
- identityauthenticationoauth
- Last Scanned
- 28 May 2026
Findings
8 issuesAuthentication & Identity
CRITICALStdio-only transport - no per-request token support
Pre-release beta (v0.1.0-beta.13). Primary auth is device authorization flow via the Auth0 CLI — tokens stored in OS keychain via keytar. Also supports direct env-var injection via AUTH0_TOKEN + AUTH0_DOMAIN for hosted/bundle scenarios. No MCP OAuth transport spec implemented. OIDC conformant=true a... Platform cannot pass per-request tokens; must spawn one server instance per user.
Add HTTP/SSE transport to accept per-request Authorization headers.
HIGHNo MCP OAuth spec implementation
Server does not implement the MCP OAuth authorization server spec. The platform must handle the full OAuth flow, token management, and credential injection externally.
Implement the MCP OAuth spec (.well-known/oauth-authorization-server) for native per-user authentication.
Tool Schema Quality
MEDIUMOnly 5 of 21 schemas have parameter constraints
Most schemas lack maxLength, enum, or pattern constraints on string parameters.
Add constraints to string parameters, especially on write operations.
CRITICALDangerous execution surface: auth0_create_action: accepts arbitrary JavaScript code string (code param) executed server-side in Auth0 Actions runtime
Tool allows raw code/query execution which could be exploited via prompt injection.
Use parameterized queries or validated command sets.
CRITICALDangerous execution surface: auth0_update_action: same arbitrary code update surface
Tool allows raw code/query execution which could be exploited via prompt injection.
Use parameterized queries or validated command sets.
LLM Safety
HIGHTool descriptions contain instructional language
Descriptions include directives that could influence LLM behavior beyond tool selection.
Remove instructional language. Descriptions should be purely factual.
Data Exposure
LOWNo field selection on responses
Responses return full records rather than projected fields.
Implement field selection to return only relevant fields.
Maintenance & Trust
MEDIUM5 dependency vulnerabilities (5 high)
npm audit found 5 high severity CVEs.
Update vulnerable dependencies.
Tools
21 total| Name | Description | Risk |
|---|---|---|
| auth0_list_applications | List all applications in the Auth0 tenant or search by name | read |
| auth0_get_application | Get details about a specific Auth0 application | read |
| auth0_create_application | Create a new Auth0 application with the tenant. Prefer OIDC compliant unless otherwise specified. | write |
| auth0_update_application | Update an existing Auth0 application | write |
| auth0_save_credentials_to_file | Save Auth0 application credentials to a file. Only use this when you are in a project directory. This retrieves the client_secret from Auth0 and saves it locally. Requires explicit file path to prevent accidental file creation. If the file already exists, credentials are appended (existing content is preserved). Additionally, .gitignore entry is automatically added for the target file. | admin |
| auth0_list_resource_servers | List all resource servers (APIs) in the Auth0 tenant | read |
| auth0_get_resource_server | Get details about a specific Auth0 resource server | read |
| auth0_create_resource_server | Create a new Auth0 resource server (API). Use RS256 for the signing_alg unless otherwise specified. | write |
| auth0_update_resource_server | Update an existing Auth0 resource server | write |
| auth0_list_actions | List all actions in the Auth0 tenant | read |
| auth0_get_action | Get details about a specific Auth0 action | read |
| auth0_create_action | Create a new Auth0 action | write |
| auth0_update_action | Update an existing Auth0 action | write |
| auth0_deploy_action | Deploy an Auth0 action | admin |
| auth0_list_logs | List logs from the Auth0 tenant | read |
| auth0_get_log | Get a specific log entry by ID | read |
| auth0_list_forms | List all forms in the Auth0 tenant | read |
| auth0_get_form | Get details about a specific Auth0 form | read |
| auth0_create_form | Create a new Auth0 form | write |
| auth0_update_form | Update an existing Auth0 form | write |
| auth0_create_application_grant | Create a client grant that authorizes an Auth0 application to access a specific API with defined scopes. Required for machine-to-machine (M2M) communication using the client credentials flow. Use auth0_list_resource_servers to discover available APIs (audiences) and auth0_get_resource_server to look up available scopes before creating the grant. | admin |
Deploy Auth0 MCP Server securely
CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.
Deploy on CompleteFlow