Auth0 MCP Server
Official Auth0/Okta MCP server providing secure AI-assisted management of Auth0 tenants including applications, actions, resource servers, forms, logs, and grants
Server Info
- Package: @auth0/auth0-mcp-server
- Registry: npm
- Repository: auth0/auth0-mcp-server
- Maintainer: Auth0 (Vendor)
- Category: Identity & Auth
- Tags: identity, authentication, oauth
- Last Scanned: 7 Apr 2026
Findings
8 issues
Authentication & Identity
HIGH: No per-request auth - requires instance-per-user
Stdio-only transport. Uses a sophisticated device authorization flow: users run 'npx @auth0/auth0-mcp-server init' which initiates OAuth2 device code flow against auth0.auth0.com, opens a browser for verification, then stores the resulting access token and refresh token in the system keychain (via k... For multi-tenant deployment, the platform must spawn a separate server instance per user.
Add HTTP/SSE transport to accept per-request Authorization headers, or implement the MCP OAuth spec.
Tool Schema Quality
MEDIUM: Only 4 of 21 schemas have parameter constraints
Most schemas lack maxLength, enum, or pattern constraints on string parameters.
Add constraints to string parameters, especially on write operations.
CRITICAL: Dangerous execution surface: auth0_create_action accepts arbitrary JavaScript code in the 'code' field that will execute in Auth0's runtime
Tool allows raw code/query execution which could be exploited via prompt injection.
Use parameterized queries or validated command sets.
CRITICAL: Dangerous execution surface: auth0_update_action accepts arbitrary JavaScript code in the 'code' field
Tool allows raw code/query execution which could be exploited via prompt injection.
Use parameterized queries or validated command sets.
CRITICAL: Dangerous execution surface: auth0_save_credentials_to_file writes client_secret to the local filesystem at an LLM-specified path
Tool allows raw code/query execution which could be exploited via prompt injection.
Use parameterized queries or validated command sets.
LLM Safety
HIGH: Tool descriptions contain instructional language
Descriptions include directives that could influence LLM behavior beyond tool selection.
Remove instructional language. Descriptions should be purely factual.
Data Exposure
LOW: No field selection on responses
Responses return full records rather than projected fields.
Implement field selection to return only relevant fields.
Maintenance & Trust
MEDIUM: 5 dependency vulnerabilities (5 high)
npm audit found 5 high severity CVEs.
Update vulnerable dependencies.
Tools
21 total

| Name | Description | Risk |
|---|---|---|
| auth0_list_applications | List all applications in the Auth0 tenant or search by name | read |
| auth0_get_application | Get details about a specific Auth0 application | read |
| auth0_create_application | Create a new Auth0 application with the tenant. Prefer OIDC compliant unless otherwise specified. | write |
| auth0_update_application | Update an existing Auth0 application | write |
| auth0_save_credentials_to_file | Save Auth0 application credentials to a file. Only use this when you are in a project directory. This retrieves the client_secret from Auth0 and saves it locally. Requires explicit file path to prevent accidental file creation. If the file already exists, credentials are appended (existing content is preserved). Additionally, .gitignore entry is automatically added for the target file. | admin |
| auth0_list_resource_servers | List all resource servers (APIs) in the Auth0 tenant | read |
| auth0_get_resource_server | Get details about a specific Auth0 resource server | read |
| auth0_create_resource_server | Create a new Auth0 resource server (API). Use RS256 for the signing_alg unless otherwise specified. | write |
| auth0_update_resource_server | Update an existing Auth0 resource server | write |
| auth0_list_actions | List all actions in the Auth0 tenant | read |
| auth0_get_action | Get details about a specific Auth0 action | read |
| auth0_create_action | Create a new Auth0 action | write |
| auth0_update_action | Update an existing Auth0 action | write |
| auth0_deploy_action | Deploy an Auth0 action | admin |
| auth0_list_logs | List logs from the Auth0 tenant | read |
| auth0_get_log | Get a specific log entry by ID | read |
| auth0_list_forms | List all forms in the Auth0 tenant | read |
| auth0_get_form | Get details about a specific Auth0 form | read |
| auth0_create_form | Create a new Auth0 form | write |
| auth0_update_form | Update an existing Auth0 form | write |
| auth0_create_application_grant | Create a client grant that authorizes an Auth0 application to access a specific API with defined scopes. Required for machine-to-machine (M2M) communication using the client credentials flow. Use auth0_list_resource_servers to discover available APIs (audiences) and auth0_get_resource_server to look up available scopes before creating the grant. | admin |