agent-auth-mcp

Gunakan alat Agent Auth MCP untuk menemukan penyedia, menghubungkan agen, mengelola kemampuan, dan menjalankan operasi melalui protokol MCP. Gunakan saat bekerja…

npx skills add https://github.com/better-auth/agent-auth --skill agent-auth-mcp

Agent Auth MCP Tools

You have access to Agent Auth MCP tools for interacting with Agent Auth providers. Always prefer using these MCP tools for any agent authentication operations rather than making raw HTTP requests or writing custom code.

Starting the MCP Server

The MCP server is part of the CLI:

auth-agent mcp

Or with pre-configured providers:

auth-agent mcp --url https://api.example.com

Cursor / Claude Desktop configuration

{
  "mcpServers": {
    "auth-agent": {
      "command": "npx",
      "args": ["@auth/agent-cli", "mcp", "--url", "https://api.example.com"]
    }
  }
}

Available Tools

The MCP server exposes 17 tools. Follow the numbered workflow below.

Step 1: Discovery — Find a Provider

ToolParametersWhen to use
list_providers(none)Call this first. Lists all discovered/configured providers.
search_providersintent (required)Search the directory by name or intent (e.g. "deploy web apps", "vercel").
discover_providerurl (required)Look up a specific provider by URL. Only use if list/search didn't help.

Always start with list_providers. If empty, use search_providers or discover_provider.

Step 2: Capabilities — Understand What's Available

ToolParametersWhen to use
list_capabilitiesprovider (required), query, agent_id, limit, cursorList capabilities for a provider.
describe_capabilityprovider, name (required), agent_idGet full definition including input schema. Always call before executing.

Step 3: Connect — Authenticate an Agent

ToolParametersWhen to use
connect_agentprovider (required), capabilities, mode, name, reason, preferred_method, login_hint, binding_message, force_newConnect an agent to a provider. Returns agent_id.

Key parameters:

  • capabilities — Array of capability names to request.
  • mode"delegated" (acts for a user, default) or "autonomous" (independent).
  • preferred_method"device_authorization" (default, opens browser) or "ciba" (backchannel notification).
  • login_hint — User email for CIBA flow.
  • force_new — Create a new connection even if one exists.

Step 4: Use the Agent

ToolParametersWhen to use
execute_capabilityagent_id, capability (required), argumentsExecute a granted capability.
agent_statusagent_id (required)Check agent status, grants, and constraints.
sign_jwtagent_id (required), capabilities, audienceSign an agent JWT for manual use.
request_capabilityagent_id, capabilities (required), reason, preferred_method, login_hint, binding_messageRequest additional capabilities.
disconnect_agentagent_id (required)Revoke an agent.
reactivate_agentagent_id (required)Reactivate an expired agent.

Host Management

ToolParametersWhen to use
enroll_hostprovider, enrollment_token (required), nameEnroll a host with a one-time token.
rotate_agent_keyagent_id (required)Rotate an agent's keypair.
rotate_host_keyissuer (required)Rotate the host keypair for a provider.

Workflow Example

Here is the standard workflow for connecting to a provider and executing a capability:

1. list_providers
   → See what providers are already known

2. search_providers({ intent: "deploy web apps" })
   → Find a provider if none are known (or discover_provider with a URL)

3. list_capabilities({ provider: "https://api.example.com" })
   → See what the provider offers

4. describe_capability({ name: "deploy_app", provider: "https://api.example.com" })
   → Understand the input schema before executing

5. connect_agent({ provider: "https://api.example.com", capabilities: ["deploy_app"], name: "deploy-bot" })
   → Authenticate and get an agent_id
   → If approval is required, the user will be prompted

6. agent_status({ agent_id: "..." })
   → Confirm the agent is active and capabilities are granted

7. execute_capability({ agent_id: "...", capability: "deploy_app", arguments: { app: "my-app", env: "production" } })
   → Run the capability with the correct arguments

Important Rules

  • Never make raw HTTP requests to Agent Auth endpoints. Always use MCP tools.
  • Always call list_providers first. This tells you what's already configured.
  • Always call describe_capability before execute_capability. You need the input schema.
  • Always call agent_status after connect_agent. The agent may be pending approval.
  • Save the agent_id returned by connect_agent — every subsequent tool needs it.
  • Use constraints when connecting to limit agent permissions — pass them in the capabilities parameter as objects with name and constraints fields.
  • Handle approval flows. When connect_agent returns approval info (device code URL or CIBA), the user must approve before the agent becomes active. Poll agent_status to check.
  • Errors return structured objects like { error: "message", code: "error_code" } — check these and retry or adjust accordingly.

Capability Constraints

When connecting, you can restrict what an agent can do with its capabilities:

{
  "provider": "https://api.example.com",
  "capabilities": [
    "read_data",
    {
      "name": "transfer_money",
      "constraints": {
        "amount": { "max": 1000, "min": 1 },
        "currency": { "in": ["USD", "EUR"] }
      }
    }
  ]
}

Constraint types: eq (exact match), min/max (numeric bounds), in/not_in (allowed/blocked values).

When to Use CLI vs MCP

  • Use MCP tools when operating inside an MCP-enabled environment (Cursor, Claude Code, Claude Desktop) — the tools are already available and integrated.
  • Use the CLI when running from a terminal directly, scripting, or when MCP is not available.
  • Both expose the same operations and share the same storage (~/.agent-auth/).

Lebih banyak skill dari better-auth

agent-auth-cli
better-auth
Gunakan Agent Auth CLI (auth-agent) untuk menemukan penyedia, menghubungkan agen, mengelola kemampuan, dan menjalankan operasi. Gunakan saat pengguna ingin berinteraksi…
official
better-icons
better-auth
Cari dan ambil SVG dari 200+ pustaka ikon dengan integrasi CLI dan server MCP. Mendukung pencarian di berbagai koleksi utama (Lucide, Material Design Icons, Heroicons, Tabler, dan 200+ lainnya) dengan penyaringan berdasarkan prefiks dan batas hasil. Perintah CLI untuk mencari ikon, mengunduh batch sebagai file SVG, dan mengambil ikon individual dengan kustomisasi warna dan ukuran. Alat server MCP untuk agen AI termasuk rekomendasi cerdas, pencocokan kemiripan, pemindaian proyek, dan batch ikon...
official
better-auth-best-practices
better-auth
Penyiapan server dan klien Better Auth yang lengkap dengan adaptor basis data, manajemen sesi, plugin, dan konfigurasi keamanan. Mencakup alur kerja penuh mulai dari instalasi hingga migrasi basis data, penyiapan variabel lingkungan, dan pembuatan penangan rute di berbagai kerangka kerja. Mendukung beberapa adaptor basis data (Prisma, Drizzle, MongoDB, koneksi langsung) dengan panduan penting tentang konvensi penamaan model vs. tabel. Mencakup strategi penyimpanan sesi dengan penyimpanan sekunder (Redis/KV), cookie...
official
create-auth-skill
better-auth
Membuat kerangka dan mengimplementasikan autentikasi pada aplikasi TypeScript/JavaScript dengan deteksi framework Better Auth, pengaturan adaptor basis data, dan integrasi OAuth. Mendeteksi framework (Next.js, SvelteKit, Nuxt, Astro, Express, Hono), basis data (Prisma, Drizzle, MongoDB, driver mentah), dan pustaka autentikasi yang sudah ada melalui pemindaian proyek. Mendukung autentikasi email/kata sandi, OAuth (Google, GitHub, Apple, Microsoft, Discord, Twitter), tautan ajaib, passkey, dan autentikasi telepon dengan verifikasi email yang dapat dikonfigurasi...
official
Email & Password Best Practices
better-auth
email-&-password-best-practices — keterampilan yang dapat diinstal untuk agen AI, diterbitkan oleh better-auth/skills.
official
email-and-password-best-practices
better-auth
Verifikasi email, alur reset kata sandi, dan kebijakan kata sandi yang dapat disesuaikan untuk Better Auth. Mendukung verifikasi email dengan penegakan opsional untuk memblokir masuk hingga terverifikasi, plus kedaluwarsa token yang dapat dikonfigurasi dan token reset sekali pakai. Alur reset kata sandi dengan keamanan bawaan: pengiriman email latar belakang, pencegahan serangan waktu, operasi dummy pada permintaan tidak valid, dan pencabutan sesi opsional saat reset. Batas panjang kata sandi yang dapat dikonfigurasi (default 8–256 karakter) dan kustom...
official
organization-best-practices
better-auth
Penyiapan organisasi multi-penyewa dengan manajemen anggota, kontrol akses berbasis peran, dan dukungan tim melalui Better Auth. Konfigurasikan organisasi dengan aturan pembuatan yang dapat disesuaikan, batas keanggotaan, dan batasan kepemilikan; pembuat secara otomatis menerima peran pemilik. Kelola anggota dan undangan dengan pengiriman email, jendela kedaluwarsa, dan URL undangan yang dapat dibagikan; dukung beberapa peran per anggota. Tentukan peran dan izin kustom dengan kontrol akses dinamis; periksa izin...
official
two-factor-authentication-best-practices
better-auth
Autentikasi multi-faktor dengan TOTP, OTP, kode cadangan, dan manajemen perangkat tepercaya untuk Better Auth. Mendukung tiga metode verifikasi: aplikasi autentikator (TOTP dengan kode QR), kode email/SMS (OTP), dan kode cadangan sekali pakai. Menangani alur masuk 2FA lengkap dengan manajemen sesi otomatis, cookie 2FA sementara, dan pelacakan perangkat tepercaya dengan kedaluwarsa yang dapat dikonfigurasi. Fitur keamanan bawaan termasuk pembatasan kecepatan (3 permintaan per 10 detik), enkripsi saat istirahat untuk rahasia...
official