mirror of
https://github.com/wso2/open-mcp-auth-proxy.git
synced 2025-06-27 17:13:31 +00:00
93 lines
2.7 KiB
Markdown
93 lines
2.7 KiB
Markdown
## Integrating with Auth0
|
|
|
|
This guide will help you configure Open MCP Auth Proxy to use Auth0 as your identity provider.
|
|
|
|
### Prerequisites
|
|
|
|
- An Auth0 organization (sign up [here](https://auth0.com) if you don't have one)
|
|
- Open MCP Auth Proxy installed
|
|
|
|
### Setting Up Auth0
|
|
1. [Enable Dynamic Client Registration](https://auth0.com/docs/get-started/applications/dynamic-client-registration)
|
|
- Go to your Auth0 dashboard
|
|
- Navigate to Settings > Advanced
|
|
- Enable "OIDC Dynamic Application Registration"
|
|
2. In order to setup connections in dynamically created clients [promote Connections to Domain Level](https://auth0.com/docs/authenticate/identity-providers/promote-connections-to-domain-level)
|
|
3. Create an API in Auth0:
|
|
- Go to your Auth0 dashboard
|
|
- Navigate to Applications > APIs
|
|
- Click on "Create API"
|
|
- Set a Name (e.g., "MCP API")
|
|
- Set an Identifier (e.g., "mcp_proxy")
|
|
- Keep the default signing algorithm (RS256)
|
|
- Click "Create"
|
|
|
|
### Configuring the Open MCP Auth Proxy
|
|
|
|
Update your `config.yaml` with Auth0 settings:
|
|
|
|
```yaml
|
|
# Basic proxy configuration
|
|
listen_port: 8080
|
|
base_url: "http://localhost:8000"
|
|
port: 8000
|
|
|
|
# Path configuration
|
|
paths:
|
|
sse: "/sse"
|
|
messages: "/messages/"
|
|
|
|
# Transport mode
|
|
transport_mode: "sse"
|
|
|
|
# CORS configuration
|
|
cors:
|
|
allowed_origins:
|
|
- "http://localhost:5173" # Your client application origin
|
|
allowed_methods:
|
|
- "GET"
|
|
- "POST"
|
|
- "PUT"
|
|
- "DELETE"
|
|
allowed_headers:
|
|
- "Authorization"
|
|
- "Content-Type"
|
|
allow_credentials: true
|
|
|
|
# Path mappings for Auth0 endpoints
|
|
path_mapping:
|
|
/token: /oauth/token
|
|
/register: /oidc/register
|
|
|
|
# Auth0 configuration
|
|
default:
|
|
base_url: "https://YOUR_AUTH0_DOMAIN" # e.g., https://dev-123456.us.auth0.com
|
|
jwks_url: "https://YOUR_AUTH0_DOMAIN/.well-known/jwks.json"
|
|
path:
|
|
/.well-known/oauth-authorization-server:
|
|
response:
|
|
issuer: "https://YOUR_AUTH0_DOMAIN/"
|
|
jwks_uri: "https://YOUR_AUTH0_DOMAIN/.well-known/jwks.json"
|
|
authorization_endpoint: "https://YOUR_AUTH0_DOMAIN/authorize?audience=mcp_proxy" # Only if you created an API with this identifier
|
|
response_types_supported:
|
|
- "code"
|
|
grant_types_supported:
|
|
- "authorization_code"
|
|
- "refresh_token"
|
|
code_challenge_methods_supported:
|
|
- "S256"
|
|
- "plain"
|
|
/token:
|
|
addBodyParams:
|
|
- name: "audience"
|
|
value: "mcp_proxy" # Only if you created an API with this identifier
|
|
```
|
|
|
|
Replace YOUR_AUTH0_DOMAIN with your Auth0 domain (e.g., dev-abc123.us.auth0.com).
|
|
|
|
## Starting the Proxy with Auth0 Integration
|
|
Start the proxy in default mode (which will use Auth0 based on your configuration):
|
|
|
|
```bash
|
|
./openmcpauthproxy
|
|
```
|