Auth0 · Capability
Auth0 API — Authorize User
Auth0 API — Authorize User. 1 operations. Lead operation: Auth0 Authenticate a user with a social provider, Database/AD/LDAP (Passive), SAML/Windows Azure AD (Passive), Authorization Code Flow, Authorization Code Grant (PKCE) Flow, or Implicit Flow. Self-contained Naftiko capability covering one Auth0 business surface.
What You Can Do
GET
Authorize
— Auth0 Authenticate a user with a social provider, Database/AD/LDAP (Passive), SAML/Windows Azure AD (Passive), Authorization Code Flow, Authorization Code Grant (PKCE) Flow, or Implicit Flow
/v1/authorize
MCP Tools
auth0-authenticate-user-social-provider
Auth0 Authenticate a user with a social provider, Database/AD/LDAP (Passive), SAML/Windows Azure AD (Passive), Authorization Code Flow, Authorization Code Grant (PKCE) Flow, or Implicit Flow
read-only
idempotent
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: Auth0 API — Authorize User
description: 'Auth0 API — Authorize User. 1 operations. Lead operation: Auth0 Authenticate a user with a social provider,
Database/AD/LDAP (Passive), SAML/Windows Azure AD (Passive), Authorization Code Flow, Authorization Code Grant (PKCE)
Flow, or Implicit Flow. Self-contained Naftiko capability covering one Auth0 business surface.'
tags:
- Auth0
- Authorize User
created: '2026-05-19'
modified: '2026-05-19'
binds:
- namespace: env
keys:
AUTH0_API_KEY: AUTH0_API_KEY
capability:
consumes:
- type: http
namespace: auth0-authorize-user
baseUri: ''
description: Auth0 API — Authorize User business capability. Self-contained, no shared references.
resources:
- name: authorize
path: /authorize
operations:
- name: authorize
method: GET
description: Auth0 Authenticate a user with a social provider, Database/AD/LDAP (Passive), SAML/Windows Azure AD (Passive),
Authorization Code Flow, Authorization Code Grant (PKCE) Flow, or Implicit Flow
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: audience
in: query
type: string
description: The unique identifier of the target API you want to access
- name: scope
in: query
type: string
description: The scopes which you want to request authorization for. These must be separated by a space. You can
request any of the standard OpenID Connect (OIDC) scopes abo
- name: response_type
in: query
type: string
description: 'Indicates to Auth0 which OAuth 2.0 flow you want to perform. Use code for Authorization Code Grant
Flow, token for Implicit Flow, or id_token token for both an '
required: true
- name: client_id
in: query
type: string
description: Your application's ID.
required: true
- name: redirect_uri
in: query
type: string
description: The URL to which Auth0 will redirect the browser after authorization has been granted by the user.
- name: state
in: query
type: string
description: An opaque value the applications adds to the initial request that the authorization server includes
when redirecting the back to the application. This value mus
- name: nonce
in: query
type: string
description: A string value which will be included in the ID Token response from Auth0, used to prevent token replay
attacks. It is required for response_type=id_token token
- name: code_challenge_method
in: query
type: string
description: Method used to generate the challenge. The PKCE spec defines two methods, S256 and plain, however,
Auth0 supports only S256 since the latter is discouraged.
- name: code_challenge
in: query
type: string
description: Generated challenge from the code_verifier.
- name: connection
in: query
type: string
description: The name of the connection configured to your application.
- name: prompt
in: query
type: string
description: To initiate a silent authentication request, use prompt=none.
- name: organization
in: query
type: string
description: 'ID of the organization to use when authenticating a user. When not provided, if your application is
configured to Display Organization Prompt, the user will be '
- name: invitation
in: query
type: string
description: Ticket ID of the organization invitation. When inviting a member to an Organization, your application
should handle invitation acceptance by forwarding the invi
exposes:
- type: rest
namespace: auth0-authorize-user-rest
port: 8080
description: REST adapter for Auth0 API — Authorize User. One Spectral-compliant resource per consumed operation, prefixed
with /v1.
resources:
- path: /v1/authorize
name: authorize
description: REST surface for authorize.
operations:
- method: GET
name: authorize
description: Auth0 Authenticate a user with a social provider, Database/AD/LDAP (Passive), SAML/Windows Azure AD (Passive),
Authorization Code Flow, Authorization Code Grant (PKCE) Flow, or Implicit Flow
call: auth0-authorize-user.authorize
with:
audience: rest.audience
scope: rest.scope
response_type: rest.response_type
client_id: rest.client_id
redirect_uri: rest.redirect_uri
state: rest.state
nonce: rest.nonce
code_challenge_method: rest.code_challenge_method
code_challenge: rest.code_challenge
connection: rest.connection
prompt: rest.prompt
organization: rest.organization
invitation: rest.invitation
outputParameters:
- type: object
mapping: $.
- type: mcp
namespace: auth0-authorize-user-mcp
port: 9090
transport: http
description: MCP adapter for Auth0 API — Authorize User. One tool per consumed operation, routed inline through this capability's
consumes block.
tools:
- name: auth0-authenticate-user-social-provider
description: Auth0 Authenticate a user with a social provider, Database/AD/LDAP (Passive), SAML/Windows Azure AD (Passive),
Authorization Code Flow, Authorization Code Grant (PKCE) Flow, or Implicit Flow
hints:
readOnly: true
destructive: false
idempotent: true
call: auth0-authorize-user.authorize
with:
audience: tools.audience
scope: tools.scope
response_type: tools.response_type
client_id: tools.client_id
redirect_uri: tools.redirect_uri
state: tools.state
nonce: tools.nonce
code_challenge_method: tools.code_challenge_method
code_challenge: tools.code_challenge
connection: tools.connection
prompt: tools.prompt
organization: tools.organization
invitation: tools.invitation
outputParameters:
- type: object
mapping: $.