Configuring an MCP Server with Auth0 as the Authorization Server
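Setting a default audience ensures that Auth0 issues JWT access tokens that can be validated. The steps cover creating an API in Auth0 and setting its name and identifier; the approach is suited to non-production use. 2025-9-18 15:29:58 Author: securityboulevard.com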

Step 2: Set a Default Audience

By default, Claude (like other MCP clients) includes `resource` as a parameter in the OAuth authorization request but does not include `audience`. When Auth0 doesn’t receive an audience, it issues opaque (encrypted) tokens. These are difficult to validate in an MCP server, since decryption typically requires key pairs and support that may not exist.

Setting a default audience ensures Auth0 produces a standard JWT access token that your MCP server can validate.

⚠ Treat this as a shortcut; it is best suited for demos or non-production setups.

1. In the Auth0 dashboard, go to APIs
2. Click on + Create API
3. Enter a friendly name under Name (for example, “My MCP Server”)
4. Enter https://mymcpserver.com/ under Identifier
5. Click Save
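
The validation that a JWT access token makes possible on the MCP server side, as an added example that is not code from the original article: it rejects an encrypted token by shape, verifies the signature, and checks that `aud` contains the Identifier from step 4. It assumes RS256 signing and a caller-supplied public key; the issuer URL, key pair, sample tokens and function names are constructed for illustration.

```javascript
// Added example; assumes RS256 and a caller-supplied tenant public key
// (in production, taken from the tenant's JWKS document and matched by `kid`).
const nodeCrypto = require('node:crypto');
const b64json = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

function validateAccessToken(token, { issuer, audience, publicKey, now = Date.now() / 1000 }) {
  const parts = String(token).split('.');
  // Five segments is JWE compact form: encrypted, so the server cannot read its claims.
  if (parts.length === 5) throw new Error('encrypted (JWE) token');
  if (parts.length !== 3) throw new Error('not a JWT');
  const [h, p, s] = parts;
  // Pin the algorithm rather than letting the token header choose it.
  if (b64json(h).alg !== 'RS256') throw new Error('unexpected alg');
  const sig = Buffer.from(s, 'base64url');
  if (!nodeCrypto.verify('sha256', Buffer.from(`${h}.${p}`), publicKey, sig)) {
    throw new Error('bad signature');
  }
  const claims = b64json(p); // claims are trusted only after the signature check
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  // `aud` may be a string or an array; the server's own identifier must be present.
  if (![].concat(claims.aud ?? []).includes(audience)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Constructed test helper: signs claims with a throwaway key standing in for the tenant key.
function mintSampleToken(privateKey, claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const input = `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}`;
  return `${input}.${nodeCrypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url')}`;
}

function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  // Issuer is a constructed placeholder; audience is the Identifier from step 4.
  const opts = { issuer: 'https://tenant.example/', audience: 'https://mymcpserver.com/', publicKey };
  const exp = Math.floor(Date.now() / 1000) + 300;
  const samples = {
    good: mintSampleToken(privateKey, { iss: opts.issuer, aud: opts.audience, exp }),
    otherApi: mintSampleToken(privateKey, { iss: opts.issuer, aud: 'https://other.example/', exp }),
    encrypted: 'a.b.c.d.e', // constructed stand-in with the five-part JWE shape
  };
  const results = {};
  for (const [name, tok] of Object.entries(samples)) {
    try { validateAccessToken(tok, opts); results[name] = 'accepted'; } catch (e) { results[name] = e.message; }
  }
  return results;
}
console.log(demo());
```

A token minted for a different API under the same tenant carries a valid signature, so the `aud` check is the only thing that stops it from being accepted here.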


Source: https://securityboulevard.com/2025/09/configuring-an-mcp-server-with-auth0-as-the-authorization-server/