MCPs that handle authentication, identity, and access control
OAuth MCP servers handle user authentication, access tokens, and role-based permissions so agents can act on a user's behalf without hardcoded credentials. Supabase Auth, Clerk, Auth0, and Google OAuth all expose MCP-compatible flows. Required for any multi-user agent product.
OAuth MCPs manage the authentication lifecycle — user login, token refresh, role-based access, and secret vaulting. They let agents operate on behalf of users securely without exposing credentials.
Every push to main triggers a Supabase migration automatically. Schema diffs are committed and applied with zero manual steps.
A Linear issue assigned to a developer automatically creates a git branch, syncs status changes, and opens a draft PR.
Yes — the MCP specification defines a standard OAuth 2.1 authorization flow for server-to-client and user-delegated access, including refresh tokens.
Store secrets server-side. The MCP server holds tokens and passes only tool results to the LLM — credentials never enter the prompt.
Yes — revoke the OAuth token at the provider (Google, GitHub, etc.) and the agent loses access immediately on next refresh.
Both work well. Clerk has a simpler developer experience; Auth0 has deeper enterprise features (SAML, SSO). Pick based on your team's needs.
Browse the full marketplace or explore all tags to find the right MCPs for your stack.