phoenix-oss/open-mcp-auth-proxy-upstream
0
0
Fork 1
mirror of https://github.com/wso2/open-mcp-auth-proxy.git synced 2025-06-27 09:05:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
open-mcp-auth-proxy-upstream/docs/integrations/Auth0.md
Pavindu Lakshan ecee345f9c Add guide for Keycloak integration
2025-04-15 08:53:53 +05:30

93 lines
2.7 KiB
Markdown
Raw Permalink Blame History

## Integrating with Auth0
This guide will help you configure Open MCP Auth Proxy to use Auth0 as your identity provider.
### Prerequisites
- An Auth0 organization (sign up [here](https://auth0.com) if you don't have one)
- Open MCP Auth Proxy installed
### Setting Up Auth0
1. [Enable Dynamic Client Registration](https://auth0.com/docs/get-started/applications/dynamic-client-registration)
- Go to your Auth0 dashboard
- Navigate to Settings > Advanced
- Enable "OIDC Dynamic Application Registration"
2. In order to setup connections in dynamically created clients [promote Connections to Domain Level](https://auth0.com/docs/authenticate/identity-providers/promote-connections-to-domain-level)
3. Create an API in Auth0:
- Go to your Auth0 dashboard
- Navigate to Applications > APIs
- Click on "Create API"
- Set a Name (e.g., "MCP API")
- Set an Identifier (e.g., "mcp_proxy")
- Keep the default signing algorithm (RS256)
- Click "Create"
### Configuring the Open MCP Auth Proxy
Update your `config.yaml` with Auth0 settings:
```yaml
# Basic proxy configuration
listen_port: 8080
base_url: "http://localhost:8000"
port: 8000
# Path configuration
paths:
sse: "/sse"
messages: "/messages/"
# Transport mode
transport_mode: "sse"
# CORS configuration
cors:
allowed_origins:
- "http://localhost:5173" # Your client application origin
allowed_methods:
- "GET"
- "POST"
- "PUT"
- "DELETE"
allowed_headers:
- "Authorization"
- "Content-Type"
allow_credentials: true
# Path mappings for Auth0 endpoints
path_mapping:
/token: /oauth/token
/register: /oidc/register
# Auth0 configuration
default:
base_url: "https://YOUR_AUTH0_DOMAIN" # e.g., https://dev-123456.us.auth0.com
jwks_url: "https://YOUR_AUTH0_DOMAIN/.well-known/jwks.json"
path:
/.well-known/oauth-authorization-server:
response:
issuer: "https://YOUR_AUTH0_DOMAIN/"
jwks_uri: "https://YOUR_AUTH0_DOMAIN/.well-known/jwks.json"
authorization_endpoint: "https://YOUR_AUTH0_DOMAIN/authorize?audience=mcp_proxy" # Only if you created an API with this identifier
response_types_supported:
- "code"
grant_types_supported:
- "authorization_code"
- "refresh_token"
code_challenge_methods_supported:
- "S256"
- "plain"
/token:
addBodyParams:
- name: "audience"
value: "mcp_proxy" # Only if you created an API with this identifier
```
Replace YOUR_AUTH0_DOMAIN with your Auth0 domain (e.g., dev-abc123.us.auth0.com).
## Starting the Proxy with Auth0 Integration
Start the proxy in default mode (which will use Auth0 based on your configuration):
```bash
./openmcpauthproxy
```
Reference in a new issue View git blame Copy permalink