- Auth0 authentication integration
- Secure session management with Workers KV
- Client-side user information display
- MCP endpoints for AI-powered features
- Server-Sent Events (SSE) endpoint for real-time communication
- Cloudflare account with Workers access
- Auth0 account and application
- Node.js and npm installed locally
- Wrangler CLI installed (
npm install -g wrangler)
- Create a new Regular Web Application in your Auth0 dashboard
- Configure the following in your application settings:
- Allowed Callback URLs:
http://127.0.0.1:8787/auth(for local development) - Allowed Logout URLs:
http://127.0.0.1:8787(for local development) - Allowed Web Origins:
http://127.0.0.1:8787(for local development) - Application Login URI: Leave empty for local development (Auth0 requires HTTPS for this field)
- Allowed Callback URLs:
- Make note of your Auth0 domain, Client ID, and Client Secret
For local development, create a .dev.vars file in the project root with the following variables:
AUTH0_DOMAIN="your-auth0-domain.auth0.com"
AUTH0_CLIENT_ID="your-auth0-client-id"
AUTH0_CLIENT_SECRET="your-auth0-client-secret"
AUTH0_CALLBACK_URL="http://127.0.0.1:8787/auth"
SALT="random-secure-salt-value"
For production deployment, set these as secrets using Wrangler:
wrangler secret put AUTH0_DOMAIN
wrangler secret put AUTH0_CLIENT_ID
wrangler secret put AUTH0_CLIENT_SECRET
wrangler secret put AUTH0_CALLBACK_URL
wrangler secret put SALT-
Create a new KV namespace using Wrangler:
wrangler kv namespace create AUTH_STOREThis will return an ID value.
-
Create a preview KV namespace for local development:
wrangler kv namespace create AUTH_STORE --previewThis will return a preview_id value.
-
Update the
wrangler.tomlfile with your KV namespace IDs:kv_namespaces = [ { binding = "AUTH_STORE", id = "your-kv-namespace-id", preview_id = "your-preview-id" } ]
npm installStart the local development server:
npm run dev
# or
npx wrangler devThis will start the application at http://127.0.0.1:8787.
- Navigate to
http://127.0.0.1:8787in your browser (or your deployed domain) - Click "Log In" to authenticate with Auth0
- After successful authentication, you'll be redirected back to the application
- Your profile information will be displayed
- Click "Fetch Data via MCP" to test the MCP integration
To deploy the application to Cloudflare Workers (optional):
npm run deploy
# or
wrangler deployauth0-cloudflare-poc/
├── public/ # Static assets
├── src/
│ ├── auth0.js # Auth0 integration
│ ├── index.js # Main application entry point
│ ├── mcp-agent.js # MCP agent implementation
│ └── utils.js # Utility functions
├── wrangler.toml # Cloudflare Workers configuration
├── .dev.vars.example # Local environment variables (which you will populate)
├── .gitignore # Git ignore file
├── package.json # Project dependencies
└── README.md # Project documentation
The application provides two MCP-related endpoints:
/mcp- HTTP endpoint for direct MCP requests/api/data- Simplified endpoint that uses the MCP agent to fetch data
The MCP agent is defined in src/mcp-agent.js and provides the following tools:
get_profile- Retrieves the authenticated user's profile informationget_data- Retrieves sample data associated with the authenticated user
- The user clicks "Log In" and is redirected to Auth0
- After authentication, Auth0 redirects back to the
/authendpoint - The application validates the token, extracts user info, and creates a session
- The session ID is stored in a secure cookie
- User data is displayed on the page
- The MCP agent provides tools for interacting with the application
- The
/api/dataendpoint demonstrates using MCP to fetch data - The
/mcp-sseendpoint supports real-time MCP connections with AI assistants
- Tokens are validated using JWT verification
- Sessions are stored in Workers KV and referenced by ID
- Cookies are secure, with HttpOnly and SameSite attributes
- State parameters protect against CSRF attacks
See the console logs in both the browser and Wrangler CLI output for debugging information.
MIT