Add MCP Server example #2299
Add MCP Server example #2299
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #2299 +/- ##
=======================================
Coverage 85.47% 85.47%
=======================================
Files 26 26
Lines 2636 2636
Branches 486 486
=======================================
Hits 2253 2253
Misses 377 377
Partials 6 6 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
examples/mcp/.gitignore
Outdated
| @@ -0,0 +1,41 @@ | |||
| # See https://help.github.com/articles/ignoring-files/ for more about ignoring files. | |||
There was a problem hiding this comment.
Can we review to see what's actually needed here? Most of this is already covered in the root .gitignore.
|
|
||
| ## Auth0 Tenant Setup | ||
|
|
||
| For detailed instructions on setting up your Auth0 tenant for MCP server integration, please refer to the [Auth0 Tenant Setup guide](https://github.com/auth0/auth0-auth-js/blob/main/examples/example-fastmcp-mcp/README.md#auth0-tenant-setup). |
There was a problem hiding this comment.
This link should be available once auth0/auth0-auth-js#45 merges in
There was a problem hiding this comment.
This is resolved now that the above PR is merged in
examples/mcp/README.md
Outdated
| With the configuration in place, the example can be started by running: | ||
|
|
||
| ```bash | ||
| npm run start |
There was a problem hiding this comment.
Why npm since we're using pnpm for build? Also why start? Probably need to either:
- Include a
run buildstep sostartworks (fails currently w/out it) - Or use
run devinstead
| lockfileVersion: '9.0' | ||
|
|
||
| settings: | ||
| autoInstallPeers: true | ||
| excludeLinksFromLockfile: false | ||
|
|
||
| importers: |
There was a problem hiding this comment.
Shouldn't we just have the one root pnpm-lock.yaml file? Why is this here?
There was a problem hiding this comment.
I am following the pattern used in other examples: https://github.com/search?q=repo%3Aauth0%2Fnextjs-auth0%20pnpm-lock.yaml&type=code and
Line 13 in fe1f5e7
Not too sure on the reason here though. I will check in with the sdk team to confirm
There was a problem hiding this comment.
There was a problem hiding this comment.
Confirmed with the sdk team. The examples here are meant to be standalone next applications https://auth0team.atlassian.net/browse/ESD-51351?focusedCommentId=1019127
patrickkang
force-pushed
the
add-mcp-example
branch
from
c57c987 to
06e9dea
Compare
|
Claude encountered an error —— View job I'll analyze this and get back to you. |
|
Hi @patrickkang, thank you for sharing this example! I noticed that it doesn’t appear to use nextjs-auth0. Could you help me understand the rationale for including it in the Next.js SDK repository? |
| clientId, | ||
| scopes: | ||
| typeof decoded.scope === "string" | ||
| ? decoded.scope.split(" ").filter(Boolean) |
There was a problem hiding this comment.
Can we simplify this return block? I notice it contains ternary conditions, claims checks, and other logic all within the return statement, which makes the code a bit hard to follow and less intuitive.
There was a problem hiding this comment.
I agree, but i think this can be addressed in a separate PR unless this is a real blocker. We also have other MCP examples that follows this
|
|
||
| interface Auth0Mcp { | ||
| verifyToken: ReturnType<typeof createTokenVerifier>; | ||
| requireScopes: ReturnType<typeof createScopeValidator>; |
There was a problem hiding this comment.
Hi @patrickkang, just to clarify, does this example mainly aim to demonstrate how users can implement custom logic for token verification and scope validation, or does it also illustrate how to obtain a token?
There was a problem hiding this comment.
It is mainly to demonstrate token verification, user identity extraction, and protected MCP tools(scope based access control)
| }, | ||
| "dependencies": { | ||
| "@auth0/auth0-api-js": "^1.0.2", | ||
| "@auth0/nextjs-auth0": "^4.5.1", |
There was a problem hiding this comment.
I don't see @auth0/nextjs-auth0 used in this example, am i missing anything ?
There was a problem hiding this comment.
My mistake - this example does not depend on nextjs-auth0
| # Example Nextjs MCP Server with Auth0 Integration | ||
|
|
||
| This is a practical example of securing a [Model Context Protocol (MCP)](https://modelcontextprotocol.io/docs) server | ||
| with Auth0. |
There was a problem hiding this comment.
I feel it might be helpful to include a bit more detail on how the application is being secured, particularly highlighting the key aspects of the security implementation.
There was a problem hiding this comment.
We are working on additional docs and blogs to highlight this better
|
Closing this in favour of auth0/auth0-auth-js#70 |
4 participants
📋 Changes
Adds MCP Server example with Auth0 integration
📎 References
🎯 Testing
Use a MCP client like MCP inspector to test your MCP server