diff --git a/auth4genai/mcp/get-started/call-your-apis-on-users-behalf.mdx b/auth4genai/mcp/get-started/call-your-apis-on-users-behalf.mdx
index 32d83ecea..2ec9a339f 100644
--- a/auth4genai/mcp/get-started/call-your-apis-on-users-behalf.mdx
+++ b/auth4genai/mcp/get-started/call-your-apis-on-users-behalf.mdx
@@ -11,6 +11,12 @@ import CreateMCPAPI from "/snippets/mcp/get-started/create-mcp-api.mdx";
import AssignPermissionsToRoles from "/snippets/mcp/get-started/config-tenant/assign-permissions-to-roles.mdx";
import { DownloadQuickstartButton } from "/snippets/download-quickstart/DownloadQuickstartButton.jsx";
import MCPGetStartedTestingInstructions from "/snippets/mcp/get-started/testing-instructions.mdx";
+import CreateEnvFile from "/snippets/mcp/get-started/call-your-apis/create-env-file.mdx";
+import CustomTokenExchangeAction from "/snippets/mcp/get-started/call-your-apis/custom-token-exchange-action.mdx";
+import RunMcpServerJs from "/snippets/mcp/get-started/call-your-apis/run-mcp-server-js.mdx";
+import RunMcpServerPython from "/snippets/mcp/get-started/call-your-apis/run-mcp-server-python.mdx";
+import ExchangeAccessTokenJs from "/snippets/mcp/get-started/call-your-apis/exchange-access-token-js.mdx";
+import ExchangeAccessTokenPython from "/snippets/mcp/get-started/call-your-apis/exchange-access-token-python.mdx";
To call your APIs on behalf of your users, the MCP server needs to exchange the Auth0 access token it received from the MCP client (with the audience set to the MCP server itself) for a new Auth0 access token with the audience set to your API.
@@ -19,7 +25,7 @@ In Auth0, this is called Custom Token Exchange and uses [RFC 8693](https://www.r
By the end of this quickstart, you should have an MCP server that can:
* Exchange an Auth0 access token for another Auth0 access token with a different audience using Custom Token Exchange
-* Verify the access token using the `@auth0/auth0-api-js` library (which uses `jose` under the hood) against your tenant JWKS, enforcing issuer, audience, and RS256
+* Verify the access token using the `@auth0/auth0-api-js` library (which uses `jose` under the hood) or the `auth0-api-python` library for Python against your tenant JWKS, enforcing issuer, audience, and RS256
@@ -89,173 +95,110 @@ auth0 api post resource-servers --data '{
Save the `Audience` from the command output; you'll need it in a later step.
-
+## Sample app
-
- Start by downloading the sample app for this quickstart. The sample includes a FastMCP MCP server with an Auth0 integration and a protected API built with
- [Fastify](https://fastify.dev/).
-
-
-
- Once downloaded, extract the files and open the project in your preferred IDE.
-
-
- Clone the repository and navigate to the sample app folder which includes a FastMCP MCP server with an Auth0 integration and a protected API built with
- [Fastify](https://fastify.dev/).
-
- ```shell wrap lines
- git clone https://github.com/auth0-samples/auth0-ai-samples.git
- cd auth0-ai-samples/auth-for-mcp/fastmcp-mcp-customtokenexchange-js
- ```
-
- Once cloned, open the project in your preferred IDE.
-
-
+
+
+
+ Start by downloading the sample app for this quickstart. The sample includes a FastMCP MCP server with an Auth0 integration and a protected API built with
+ [Fastify](https://fastify.dev/).
-The sample app demonstrates custom token exchange with a `greet` tool that calls your protected API on behalf of the authenticated user.
+
-## Install packages
-
-Ensure you have npm installed or follow the instructions to [install npm](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm) in its documentation. In the `fastmcp-mcp-customtokenexchange-js` directory, install the required packages:
-
-```shell
-npm install
-```
+ Once downloaded, extract the files and open the project in your preferred IDE.
+
+
+ Clone the repository and navigate to the sample app folder which includes a FastMCP MCP server with an Auth0 integration and a protected API built with
+ [Fastify](https://fastify.dev/).
-## Create your environment file
-
-In the `fastmcp-mcp-customtokenexchange-js` directory, run the following command to create a new `.env` file populated with all the required environment variables:
-
-```shell wrap lines expandable
-CLIENT_ID=$(jq -r '.client_id' auth0-app-details.json) \
-&& CLIENT_SECRET=$(jq -r '.client_secret' auth0-app-details.json) \
-&& DOMAIN=$(auth0 tenants list --json | jq -r '.[] | select(.active == true) | .name') \
-&& touch .env \
-&& echo "AUTH0_DOMAIN=${DOMAIN}" > .env \
-&& echo "AUTH0_AUDIENCE=http://localhost:3001/" >> .env \
-&& echo "PORT=3001" >> .env \
-&& echo "MCP_SERVER_URL=http://localhost:3001/" >> .env \
-&& echo "MCP_AUTH0_CLIENT_ID=${CLIENT_ID}" >> .env \
-&& echo "MCP_AUTH0_CLIENT_SECRET=${CLIENT_SECRET}" >> .env \
-&& echo "MCP_AUTH0_SUBJECT_TOKEN_TYPE=urn:fastmcp:mcp" >> .env \
-&& echo "MCP_AUTH0_EXCHANGE_SCOPE=read:tasks" >> .env \
-&& echo "API_AUTH0_AUDIENCE=http://localhost:8787/" >> .env \
-&& echo "API_BASE_URL=http://localhost:8787/" >> .env \
-&& rm auth0-app-details.json \
-&& echo ".env file created with your Auth0 details:" \
-&& cat .env
-```
-
-To get your Auth0 application’s `AUTH0_DOMAIN`, run the following command:
-
-```shell
-auth0 tenants list
-```
+ ```shell wrap lines
+ git clone https://github.com/auth0-samples/auth0-ai-samples.git
+ cd auth0-ai-samples/auth-for-mcp/fastmcp-mcp-customtokenexchange-js
+ ```
-Copy the domain under `TENANT` from the output and update the corresponding variable in the `.env` file.
+ Once cloned, open the project in your preferred IDE.
+
+
-For `MCP_AUTH0_CLIENT_ID` and `MCP_AUTH0_CLIENT_SECRET` you will use the values obtained from the [Create an Application for your MCP server](./call-your-apis-on-users-behalf#create-an-application-for-your-mcp-server) step.
+ The sample app demonstrates custom token exchange with a `greet` tool that calls your protected API on behalf of the authenticated user.
-## Use Custom Token Exchange Action
+ ## Install packages
-This Action is the server-side logic Auth0 executes to perform the token exchange. It is necessary because the MCP server receives an access token from the client (with the MCP server as its audience) and must exchange it for a new token (with the upstream API as the audience). This Action validates the original token and mints the new one.
+ Ensure you have npm installed or follow the instructions to [install npm](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm) in its documentation. In the `fastmcp-mcp-customtokenexchange-js` directory, install the required packages:
-The Custom Token Exchange Action is available as part of Custom Token Exchange Early Access. Navigate to [the On-behalf-of token exchange for first-party apps template available here](https://manage.auth0.com/#/actions/library/templates/templates/daeda4e8-8da2-4abb-afb5-ac09df0ebb2a) and click on **Use This Template**.
-
-
- 
-
-
-This will open a modal for you to name the action:
-
-
- 
-
-
-Once the action is created, you can **Deploy** it. When you deploy the Action, Auth0 assigns it an Action ID. You still need to add your custom logic to the Action, but first, get the Action ID to create the Custom Token Exchange Profile.
+ ```shell
+ npm install
+ ```
-## Set up the token exchange profile
+ ## Create your environment file
+
-
+ ## Use Custom Token Exchange Action
+
-## Run the MCP server and the API
+ ## Set up the token exchange profile
+
-Run this command to start your server:
+ ## Run the MCP server and the API
+
-```shell
-npm run start
-```
+ ## Exchange your access token
+
+
-And in a separate window run this command to start the API:
+
+
+
+ Start by downloading the sample app for this quickstart. The sample includes a FastMCP MCP server with an Auth0 integration and a protected Starlette-based API.
-```shell
-npm run start:api
-```
+
-## Exchange your access token
+ Once downloaded, extract the files and open the project in your preferred IDE.
+
+
+ Clone the repository and navigate to the sample app folder which includes a FastMCP MCP server with an Auth0 integration and a protected Starlette-based API.
-To call your APIs on behalf of your users, the MCP server needs to exchange the Auth0 access token it received from the MCP client (with the audience set to the MCP server itself) for a new Auth0 access token with the audience set to your API. In Auth0, this is called Custom Token Exchange and uses [RFC 8693](https://www.rfc-editor.org/rfc/rfc8693.html).
+ ```shell wrap lines
+ git clone https://github.com/auth0-samples/auth0-ai-samples.git
+ cd auth0-ai-samples/auth-for-mcp/fastmcp-mcp-customtokenexchange-python
+ ```
-### The Orchestrator: `bearerForUpstream`
+ Once cloned, open the project in your preferred IDE.
+
+
-The process begins with the `bearerForUpstream` function. Its main job is to take the initial token (the `subjectToken`), manage the exchange process, and handle any potential errors gracefully.
+ The sample app demonstrates custom token exchange with a `greet` tool that calls your protected API on behalf of the authenticated user.
-This function serves as a safe wrapper around our exchange logic.
+ ## Install packages
-```shell wrap lines highlight={5}
-async function bearerForUpstream(subjectToken: string) {
- if (!subjectToken) return { token: null, scopes: null };
+ Ensure you have poetry installed or follow the instructions to [install poetry](https://python-poetry.org/docs/) in its documentation. In the `fastmcp-mcp-customtokenexchange-python` directory, install the required packages:
- try {
- const result = await exchangeCustomToken(subjectToken);
- return {
- token: result.accessToken,
- scopes: result.scope,
- }
- } catch (err) {
- console.error('Error during token exchange:', err);
- throw err;
- }
-}
-```
+ ```shell
+ poetry install
+ ```
-As you can see, it calls `exchangeCustomToken` and, on a successful exchange, returns the new `accessToken` and its associated scope. If the exchange fails, it logs the error and re-throws it to be handled upstream.
+ ## Create your environment file
+
-### The core logic: `exchangeCustomToken`
+ ## Use Custom Token Exchange Action
+
-This function, located in `src/auth0.ts`, contains the actual token exchange logic. It uses the `ApiClient` from the `auth0-api-js` SDK to simplify the interaction with Auth0's `/oauth/token` endpoint.
+ ## Set up the token exchange profile
+
-First, we initialize the `ApiClient` with the credentials of the application performing the exchange:
+ ## Run the MCP server and the API
+
-```javascript wrap lines
- const exchangeClient = new ApiClient({
- domain: AUTH0_DOMAIN,
- audience: API_AUTH0_AUDIENCE,
- clientId: MCP_AUTH0_CLIENT_ID,
- clientSecret: MCP_AUTH0_CLIENT_SECRET,
-});
-```
-With the client configured, the `exchangeCustomToken` function calls the `getTokenByExchangeProfile` method. This method implements the [Custom Token Exchange](https://auth0.com/docs/authenticate/custom-token-exchange) flow.
-
-```javascript wrap lines
-export async function exchangeCustomToken(subjectToken: string) {
- return await exchangeClient.getTokenByExchangeProfile(subjectToken, {
- subjectTokenType: MCP_AUTH0_SUBJECT_TOKEN_TYPE,
- audience: API_AUTH0_AUDIENCE,
- ...(MCP_AUTH0_EXCHANGE_SCOPE && { scope: MCP_AUTH0_EXCHANGE_SCOPE }),
- });
-}
-```
+ ## Exchange your access token
+
+
+
diff --git a/auth4genai/snippets/mcp/get-started/call-your-apis/create-env-file.mdx b/auth4genai/snippets/mcp/get-started/call-your-apis/create-env-file.mdx
new file mode 100644
index 000000000..890c04dd7
--- /dev/null
+++ b/auth4genai/snippets/mcp/get-started/call-your-apis/create-env-file.mdx
@@ -0,0 +1,21 @@
+From the root of your sample app directory, run the following command to create a new `.env` file populated with all the required environment variables:
+
+```shell wrap lines expandable
+CLIENT_ID=$(jq -r '.client_id' auth0-app-details.json) \
+&& CLIENT_SECRET=$(jq -r '.client_secret' auth0-app-details.json) \
+&& DOMAIN=$(auth0 tenants list --json | jq -r '.[] | select(.active == true) | .name') \
+&& touch .env \
+&& echo "AUTH0_DOMAIN=${DOMAIN}" > .env \
+&& echo "AUTH0_AUDIENCE=http://localhost:3001/" >> .env \
+&& echo "PORT=3001" >> .env \
+&& echo "MCP_SERVER_URL=http://localhost:3001/" >> .env \
+&& echo "MCP_AUTH0_CLIENT_ID=${CLIENT_ID}" >> .env \
+&& echo "MCP_AUTH0_CLIENT_SECRET=${CLIENT_SECRET}" >> .env \
+&& echo "MCP_AUTH0_SUBJECT_TOKEN_TYPE=urn:fastmcp:mcp" >> .env \
+&& echo "MCP_AUTH0_EXCHANGE_SCOPE=openid offline_access read:private" >> .env \
+&& echo "API_AUTH0_AUDIENCE=http://localhost:8787/" >> .env \
+&& echo "API_BASE_URL=http://localhost:8787/" >> .env \
+&& rm auth0-app-details.json \
+&& echo ".env file created with your Auth0 details:" \
+&& cat .env
+```
diff --git a/auth4genai/snippets/mcp/get-started/call-your-apis/custom-token-exchange-action.mdx b/auth4genai/snippets/mcp/get-started/call-your-apis/custom-token-exchange-action.mdx
new file mode 100644
index 000000000..472b3a103
--- /dev/null
+++ b/auth4genai/snippets/mcp/get-started/call-your-apis/custom-token-exchange-action.mdx
@@ -0,0 +1,22 @@
+This Action is the server-side logic Auth0 executes to perform the token exchange. It is necessary because the MCP server receives an access token from the client (with the MCP server as its audience) and must exchange it for a new token (with the upstream API as the audience). This Action validates the original token and mints the new one.
+
+The Custom Token Exchange Action is available as part of Custom Token Exchange Early Access. Navigate to [the On-behalf-of token exchange for first-party apps template available here](https://manage.auth0.com/#/actions/library/templates/templates/daeda4e8-8da2-4abb-afb5-ac09df0ebb2a) and click on **Use This Template**.
+
+
+
+
+
+This will open a modal for you to name the action:
+
+
+
+
+
+Once the action is created, you can **Deploy** it. When you deploy the Action, Auth0 assigns it an Action ID. You still need to add your custom logic to the Action, but first, get the Action ID to create the Custom Token Exchange Profile.
diff --git a/auth4genai/snippets/mcp/get-started/call-your-apis/exchange-access-token-js.mdx b/auth4genai/snippets/mcp/get-started/call-your-apis/exchange-access-token-js.mdx
new file mode 100644
index 000000000..901ea5167
--- /dev/null
+++ b/auth4genai/snippets/mcp/get-started/call-your-apis/exchange-access-token-js.mdx
@@ -0,0 +1,52 @@
+To call your APIs on behalf of your users, the MCP server needs to exchange the Auth0 access token it received from the MCP client (with the audience set to the MCP server itself) for a new Auth0 access token with the audience set to your API. In Auth0, this is called Custom Token Exchange and uses [RFC 8693](https://www.rfc-editor.org/rfc/rfc8693.html).
+
+### The Orchestrator: `bearerForUpstream`
+
+The process begins with the `bearerForUpstream` function. Its main job is to take the initial token (the `subjectToken`), manage the exchange process, and handle any potential errors gracefully.
+
+This function serves as a safe wrapper around our exchange logic.
+
+```javascript wrap lines highlight={5}
+async function bearerForUpstream(subjectToken: string) {
+ if (!subjectToken) return { token: null, scopes: null };
+
+ try {
+ const result = await exchangeCustomToken(subjectToken);
+ return {
+ token: result.accessToken,
+ scopes: result.scope,
+ }
+ } catch (err) {
+ console.error('Error during token exchange:', err);
+ throw err;
+ }
+}
+```
+
+As you can see, it calls `exchangeCustomToken` and, on a successful exchange, returns the new `accessToken` and its associated scope. If the exchange fails, it logs the error and re-throws it to be handled upstream.
+
+### The core logic: `exchangeCustomToken`
+
+This function, located in `src/auth0.ts`, contains the actual token exchange logic. It uses the `ApiClient` from the `auth0-api-js` SDK to simplify the interaction with Auth0's `/oauth/token` endpoint.
+
+First, we initialize the `ApiClient` with the credentials of the application performing the exchange:
+
+```javascript wrap lines
+ const exchangeClient = new ApiClient({
+ domain: AUTH0_DOMAIN,
+ audience: API_AUTH0_AUDIENCE,
+ clientId: MCP_AUTH0_CLIENT_ID,
+ clientSecret: MCP_AUTH0_CLIENT_SECRET,
+});
+```
+With the client configured, the `exchangeCustomToken` function uses the client's `getTokenByExchangeProfile` method to perform the token exchange. This method implements the [Custom Token Exchange](https://auth0.com/docs/authenticate/custom-token-exchange) flow.
+
+```javascript wrap lines
+export async function exchangeCustomToken(subjectToken: string) {
+ return await exchangeClient.getTokenByExchangeProfile(subjectToken, {
+ subjectTokenType: MCP_AUTH0_SUBJECT_TOKEN_TYPE,
+ audience: API_AUTH0_AUDIENCE,
+ ...(MCP_AUTH0_EXCHANGE_SCOPE && { scope: MCP_AUTH0_EXCHANGE_SCOPE }),
+ });
+}
+```
diff --git a/auth4genai/snippets/mcp/get-started/call-your-apis/exchange-access-token-python.mdx b/auth4genai/snippets/mcp/get-started/call-your-apis/exchange-access-token-python.mdx
new file mode 100644
index 000000000..3a8b14b05
--- /dev/null
+++ b/auth4genai/snippets/mcp/get-started/call-your-apis/exchange-access-token-python.mdx
@@ -0,0 +1,69 @@
+To call your APIs on behalf of your users, the MCP server needs to exchange the Auth0 access token it received from the MCP client (with the audience set to the MCP server itself) for a new Auth0 access token with the audience set to your API. In Auth0, this is called Custom Token Exchange and uses [RFC 8693](https://www.rfc-editor.org/rfc/rfc8693.html).
+
+### How tools use token exchange
+Here's how the `greet` tool performs token exchange and calls the upstream API:
+
+```python wrap lines highlight={10,11,12,13,14,19}
+@mcp.tool(name="greet")
+@require_scopes(["tool:greet"])
+async def greet(name: str, ctx: Context) -> str:
+ user_name = name.strip() if name else "there"
+ auth_info = ctx.request_context.request.state.auth
+ user_id = auth_info.get("extra", {}).get("sub")
+
+ logger.info(f"Greet tool invoked for user: {user_id}")
+
+ # Exchange token and call upstream API
+ exchange_result = await exchange_custom_token(
+ ctx.request_context.request.state.api_client,
+ auth_info["token"]
+ )
+
+ async with httpx.AsyncClient() as client:
+ response = await client.get(
+ f"{config.api_base_url}/api/private-scope",
+ headers={"authorization": f"Bearer {exchange_result['token']}"}
+ )
+ upstream_result = response.json()
+
+ return f"Hello, {user_name} ({user_id})!\nUpstream API Response: {json.dumps(upstream_result, indent=2)}"
+```
+
+### The core logic: `exchange_custom_token`
+
+The Python implementation uses the `exchange_custom_token` function that handles the token exchange process.
+
+```python wrap lines highlight={3,4,5,6,7,8}
+async def exchange_custom_token(api_client, subject_token: str) -> dict:
+ """Exchange subject token for access token via Custom Token Exchange."""
+ result = await api_client.get_token_by_exchange_profile(
+ subject_token=subject_token,
+ subject_token_type=config.mcp_auth0_subject_token_type,
+ audience=config.api_auth0_audience,
+ scope=config.mcp_auth0_exchange_scope or None
+ )
+ return {"token": result["access_token"], "scopes": result.get("scope", "")}
+```
+
+This function uses the `get_token_by_exchange_profile` method of `ApiClient` from the `auth0-api-python` SDK and, on a successful exchange, returns the new access token and its associated scopes. This method implements the [Custom Token Exchange](https://auth0.com/docs/authenticate/custom-token-exchange) flow.
+
+### Client Configuration
+
+The `ApiClient` is initialized in the `Auth0Middleware` (located in `src/auth0/middleware.py`) with the credentials of the application performing the exchange:
+
+```python src/auth0/middleware.py wrap lines
+self.client = ApiClient(ApiClientOptions(
+ domain=domain, # AUTH0_DOMAIN env var
+ audience=audience, # API_AUTH0_AUDIENCE env var
+ client_id=client_id, # MCP_AUTH0_CLIENT_ID env var
+ client_secret=client_secret # MCP_AUTH0_CLIENT_SECRET env var
+))
+```
+
+The configured client is then attached to the request context during middleware processing, making it available to all tools:
+
+```python src/auth0/middleware.py wrap lines
+# In the Auth0Middleware dispatch method
+request.state.api_client = self.client
+```
+
diff --git a/auth4genai/snippets/mcp/get-started/call-your-apis/run-mcp-server-js.mdx b/auth4genai/snippets/mcp/get-started/call-your-apis/run-mcp-server-js.mdx
new file mode 100644
index 000000000..b0ce4d022
--- /dev/null
+++ b/auth4genai/snippets/mcp/get-started/call-your-apis/run-mcp-server-js.mdx
@@ -0,0 +1,11 @@
+Run this command to start your server:
+
+```shell
+npm run start
+```
+
+And in a separate window run this command to start the API:
+
+```shell
+npm run start:api
+```
diff --git a/auth4genai/snippets/mcp/get-started/call-your-apis/run-mcp-server-python.mdx b/auth4genai/snippets/mcp/get-started/call-your-apis/run-mcp-server-python.mdx
new file mode 100644
index 000000000..c026364b4
--- /dev/null
+++ b/auth4genai/snippets/mcp/get-started/call-your-apis/run-mcp-server-python.mdx
@@ -0,0 +1,11 @@
+Run this command to start your server:
+
+```shell
+poetry run python -m src.server
+```
+
+And in a separate window run this command to start the API:
+
+```shell
+poetry run python -m src.api.server
+```
diff --git a/auth4genai/snippets/mcp/get-started/create-mcp-api.mdx b/auth4genai/snippets/mcp/get-started/create-mcp-api.mdx
index b720f4849..833dedf12 100644
--- a/auth4genai/snippets/mcp/get-started/create-mcp-api.mdx
+++ b/auth4genai/snippets/mcp/get-started/create-mcp-api.mdx
@@ -18,4 +18,4 @@ auth0 api post resource-servers --data '{
Note that `rfc9068_profile_authz` is used as the [token dialect](https://auth0.com/docs/get-started/apis/enable-role-based-access-control-for-apis#token-dialect-options) to include the `permissions` claim in the access token, which can be useful for the API to check user permissions without making additional calls.
-For more details on protecting APIs with Auth0, check our [quickstarts](https://auth0.com/docs/quickstarts#backend%2Fapi).
\ No newline at end of file
+For more details on protecting APIs with Auth0, check our [quickstarts](https://auth0.com/docs/quickstarts#backend%2Fapi).
diff --git a/auth4genai/snippets/mcp/get-started/server-authorization.mdx b/auth4genai/snippets/mcp/get-started/server-authorization.mdx
index 22214b30e..3bf0cc9ce 100644
--- a/auth4genai/snippets/mcp/get-started/server-authorization.mdx
+++ b/auth4genai/snippets/mcp/get-started/server-authorization.mdx
@@ -23,60 +23,115 @@ By the end of this quickstart, you will have an MCP server that:
+## Sample app
-
- Start by downloading the sample app for this quickstart. The sample includes a FastMCP MCP server with an Auth0 integration in JavaScript.
+
+
+
+ Start by downloading the sample app for this quickstart. The sample includes a FastMCP MCP server with an Auth0 integration in JavaScript.
+
+
+
+ Once downloaded, extract the files and open the project in your preferred IDE.
+
+
+ Clone the repository and navigate to the sample app folder which includes a FastMCP MCP server with an Auth0 integration in JavaScript.
+
+ ```shell wrap lines
+ git clone https://github.com/auth0-samples/auth0-ai-samples.git
+ cd auth0-ai-samples/auth-for-mcp/fastmcp-mcp-js
+ ```
+
+ Once cloned, open the project in your preferred IDE.
+
+
+ ## Install packages
+
+ Ensure you have npm installed or follow the instructions to [install npm](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm) in its documentation. In the `fastmcp-mcp-js` directory, install the required packages:
+
+ ```shell
+ npm install
+ ```
-
+ ## Create your environment file
- Once downloaded, extract the files and open the project in your preferred IDE.
-
-
- Clone the repository and navigate to the sample app folder which includes a FastMCP MCP server with an Auth0 integration in JavaScript.
+ In the `fastmcp-mcp-js` directory, run the following command to create a new `.env` file populated with all the required environment variables:
```shell wrap lines
- git clone https://github.com/auth0-samples/auth0-ai-samples.git
- cd auth0-ai-samples/auth-for-mcp/fastmcp-mcp-js
+ DOMAIN=$(auth0 tenants list --json | jq -r '.[] | select(.active == true) | .name') \
+ && touch .env \
+ && echo "AUTH0_DOMAIN=${DOMAIN}" > .env \
+ && echo "AUTH0_AUDIENCE=http://localhost:3001/" >> .env \
+ && echo "PORT=3001" >> .env \
+ && echo "MCP_SERVER_URL=http://localhost:3001/" >> .env \
+ && echo ".env file created with your Auth0 details:" \
+ && cat .env
```
- Once cloned, open the project in your preferred IDE.
+ ## Run your MCP server
+
+ Run this command to start your server:
+
+ ```shell
+ npm run start
+ ```
-
-## Install packages
+
+
+
+ Start by downloading the sample app for this quickstart. The sample includes a FastMCP MCP server with an Auth0 integration in Python.
+
+
-Ensure you have npm installed or follow the instructions to [install npm](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm) in its documentation. In the `fastmcp-mcp-js` directory, install the required packages:
+ Once downloaded, extract the files and open the project in your preferred IDE.
+
+
+ Clone the repository and navigate to the sample app folder which includes a FastMCP MCP server with an Auth0 integration in Python.
-```shell
-npm install
-```
+ ```shell wrap lines
+ git clone https://github.com/auth0-samples/auth0-ai-samples.git
+ cd auth0-ai-samples/auth-for-mcp/fastmcp-mcp-python
+ ```
-## Create your environment file
+ Once cloned, open the project in your preferred IDE.
+
+
+ ## Install packages
-In the `fastmcp-mcp-js` directory, create a new `.env` file and add the following content:
+ Ensure you have poetry installed or follow the instructions to [install poetry](https://python-poetry.org/docs/) in its documentation. In the `fastmcp-mcp-python` directory, install the required packages:
-```shell
-AUTH0_DOMAIN=
-AUTH0_AUDIENCE=http://localhost:3001
-PORT=3001
-MCP_SERVER_URL=http://localhost:3001
-```
+ ```shell
+ poetry install
+ ```
-To get your Auth0 application’s `AUTH0_DOMAIN`, run the following command:
+ ## Create your environment file
-```shell
-auth0 tenants list
-```
+ In the `fastmcp-mcp-python` directory, run the following command to create a new `.env` file populated with all the required environment variables:
-Copy the domain under `TENANT` from the output and update the corresponding variable in the `.env` file.
+ ```shell wrap lines
+ DOMAIN=$(auth0 tenants list --json | jq -r '.[] | select(.active == true) | .name') \
+ && touch .env \
+ && echo "AUTH0_DOMAIN=${DOMAIN}" > .env \
+ && echo "AUTH0_AUDIENCE=http://localhost:3001/" >> .env \
+ && echo "PORT=3001" >> .env \
+ && echo "MCP_SERVER_URL=http://localhost:3001/" >> .env \
+ && echo ".env file created with your Auth0 details:" \
+ && cat .env
+ ```
-## Run your MCP server
+ ## Run your MCP server
-Run this command to start your server:
+ Run this command to start your server:
-```shell
-npm run start
-```
+ ```shell
+ poetry run python -m src.server
+ ```
+
+