open-mcp-auth-proxy/docs/integrations/Auth0.md
2025-04-15 08:53:53 +05:30

Integrating with Auth0

This guide will help you configure Open MCP Auth Proxy to use Auth0 as your identity provider.

Prerequisites

  • An Auth0 organization (sign up here if you don't have one)
  • Open MCP Auth Proxy installed

Setting Up Auth0

  1. Enable Dynamic Client Registration
    • Go to your Auth0 dashboard
    • Navigate to Settings > Advanced
    • Enable "OIDC Dynamic Application Registration"
  2. To make connections available to dynamically created clients, promote Connections to Domain Level
  3. Create an API in Auth0:
    • Go to your Auth0 dashboard
    • Navigate to Applications > APIs
    • Click on "Create API"
    • Set a Name (e.g., "MCP API")
    • Set an Identifier (e.g., "mcp_proxy")
    • Keep the default signing algorithm (RS256)
    • Click "Create"

Configuring the Open MCP Auth Proxy

Update your config.yaml with Auth0 settings:

# Basic proxy configuration
listen_port: 8080
base_url: "http://localhost:8000"
port: 8000

# Path configuration
paths:
  sse: "/sse"
  messages: "/messages/"

# Transport mode
transport_mode: "sse"

# CORS configuration
cors:
  allowed_origins:
    - "http://localhost:5173"  # Your client application origin
  allowed_methods:
    - "GET"
    - "POST"
    - "PUT"
    - "DELETE"
  allowed_headers:
    - "Authorization"
    - "Content-Type"
  allow_credentials: true

# Path mappings for Auth0 endpoints
path_mapping:
  /token: /oauth/token
  /register: /oidc/register

# Auth0 configuration
default:
  base_url: "https://YOUR_AUTH0_DOMAIN"  # e.g., https://dev-123456.us.auth0.com
  jwks_url: "https://YOUR_AUTH0_DOMAIN/.well-known/jwks.json"
  path:
    /.well-known/oauth-authorization-server:
      response:
        issuer: "https://YOUR_AUTH0_DOMAIN/"
        jwks_uri: "https://YOUR_AUTH0_DOMAIN/.well-known/jwks.json"
        authorization_endpoint: "https://YOUR_AUTH0_DOMAIN/authorize?audience=mcp_proxy" # Only if you created an API with this identifier
        response_types_supported: 
          - "code"
        grant_types_supported:
          - "authorization_code"
          - "refresh_token"
        code_challenge_methods_supported:
          - "S256"
          - "plain"
    /token:
      addBodyParams:
        - name: "audience"
          value: "mcp_proxy"  # Only if you created an API with this identifier

Replace YOUR_AUTH0_DOMAIN with your Auth0 domain (e.g., dev-abc123.us.auth0.com).
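
A consistency check for the default block above, as an added example that is not part of the project's code. It takes that block as a Python dict (loaded with any YAML parser) and reports an unreplaced placeholder, a non-HTTPS base URL, an issuer or endpoint that does not line up with base_url, an audience that differs between the authorization endpoint and the /token body parameter, and an advertised "plain" PKCE method. The names check_auth0_config, sample and META are hypothetical, and the sample values are constructed.

```python
from urllib.parse import parse_qs, urlsplit
META = "/.well-known/oauth-authorization-server"

def check_auth0_config(cfg):
    """Lint the `default` block of config.yaml, passed in as a dict."""
    findings = []
    base = cfg.get("base_url", "")
    meta = cfg["path"][META]["response"]
    authz = meta.get("authorization_endpoint", "")
    if "YOUR_AUTH0_DOMAIN" in repr(cfg):
        findings.append("placeholder YOUR_AUTH0_DOMAIN not replaced")
    if urlsplit(base).scheme != "https":
        findings.append("base_url is not https")
    # The page's config gives the issuer as the domain URL plus a trailing slash.
    if meta.get("issuer") != base.rstrip("/") + "/":
        findings.append("issuer is not base_url plus a trailing slash")
    urls = {"jwks_url": cfg.get("jwks_url", ""), "jwks_uri": meta.get("jwks_uri", ""),
            "authorization_endpoint": authz}
    for key, url in urls.items():
        if urlsplit(url).hostname != urlsplit(base).hostname:
            findings.append(f"{key} host differs from base_url host")
    # The audience sent to /authorize and the one added to /token must agree.
    authz_aud = parse_qs(urlsplit(authz).query).get("audience", [None])[0]
    params = cfg["path"].get("/token", {}).get("addBodyParams", [])
    token_aud = next((p["value"] for p in params if p.get("name") == "audience"), None)
    if authz_aud != token_aud:
        findings.append(f"audience mismatch: authorize={authz_aud!r} token={token_aud!r}")
    if "plain" in meta.get("code_challenge_methods_supported", []):
        findings.append("PKCE 'plain' advertised; S256 alone is stricter")
    return findings

def sample(authz_aud="mcp_proxy", token_aud="mcp_proxy", methods=("S256",),
           domain="https://dev-abc123.us.auth0.com"):
    """Constructed config dict mirroring the page's `default` block."""
    return {
        "base_url": domain,
        "jwks_url": domain + "/.well-known/jwks.json",
        "path": {
            META: {"response": {
                "issuer": domain + "/",
                "jwks_uri": domain + "/.well-known/jwks.json",
                "authorization_endpoint": f"{domain}/authorize?audience={authz_aud}",
                "code_challenge_methods_supported": list(methods)}},
            "/token": {"addBodyParams": [{"name": "audience", "value": token_aud}]},
        },
    }

if __name__ == "__main__":
    print(check_auth0_config(sample(token_aud="other", methods=("S256", "plain"))))
```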

Starting the Proxy with Auth0 Integration

Start the proxy in default mode (which will use Auth0 based on your configuration):

./openmcpauthproxy