MCP Server for Authentication Management
Enterprise-grade authentication solution providing:
- ? Secure credential management with AES-256 encryption
- ⚙️ Multi-protocol auth (OAuth2, SAML, LDAP)
- ?️ Real-time threat detection and prevention
Features
analyze_project - Analyze project structure for auth setup recommendationssetup_better_auth - Configure auth providers with project ID and API keyanalyze_current_auth - Detect existing auth.js/next-auth implementationsgenerate_migration_plan - Create step-by-step migration path
Testing & Security
test_auth_flows - Validate login/register/reset/2fa flowstest_security - Run OWASP-aligned security checksanalyze_logs - Review auth system logs for issuesmonitor_auth_flows - Real-time authentication monitoring
Available Resources
better-auth://config - Current Better-Auth configuration settingsbetter-auth://logs - Authentication system logs
Development
Clone and install:
git clone https://github.com/better-auth-mcp-server/better-auth-mcp-server.git
cd better-auth-mcp-server
npm install
Build the server:
npm run build
For development with auto-rebuild:
npm run watch
Configuration
Environment Variables
# Required
BETTER_AUTH_PROJECT_ID=your-project-id
BETTER_AUTH_API_KEY=your-api-key
# Optional
BETTER_AUTH_ENV=development|staging|production
LOG_LEVEL=info|debug|error
Security Best Practices
- API Key Management
- Store API keys in environment variables
- Rotate keys regularly
-
Use different keys per environment
-
Access Control
- Implement rate limiting
- Configure IP allowlists
-
Use principle of least privilege
-
Monitoring
- Enable audit logging
- Monitor auth failures
- Set up alerts for suspicious activity
Installation
Installing via Smithery
To install Better Auth MCP Server for Claude Desktop automatically via Smithery:
npx -y @smithery/cli install @nahmanmate/better-auth-mcp-server --client claude
To use with Claude Desktop, add the server config:
On MacOS: ~/Library/Application Support/Claude/claude_desktop_config.json
On Windows: %APPDATA%/Claude/claude_desktop_config.json
{
"mcpServers": {
"better-auth-mcp-server": {
"command": "node",
"args": ["/path/to/better-auth-mcp-server/build/index.js"],
"disabled": false,
"alwaysAllow": []
}
}
}
Debugging
Since MCP servers communicate over stdio, debugging can be challenging. We recommend using the MCP Inspector, which is available as a package script:
npm run inspector
The Inspector will provide a URL to access debugging tools in your browser.
Usage Examples
Project Setup
// Initialize Better-Auth in your project
await mcp.useTool('setup_better_auth', {
projectPath: './my-next-app',
config: {
projectId: process.env.BETTER_AUTH_PROJECT_ID,
apiKey: process.env.BETTER_AUTH_API_KEY
}
});
// Test core authentication flows
await mcp.useTool('test_auth_flows', {
flows: ['login', 'register', '2fa']
});
Migration from Auth.js/NextAuth
// Analyze current auth implementation
await mcp.useTool('analyze_current_auth', {
projectPath: './my-next-app'
});
// Generate migration steps
await mcp.useTool('generate_migration_plan', {
projectPath: './my-next-app',
currentAuthType: 'next-auth'
});
[
{
"description": "Analyze project structure and dependencies to recommend Better-Auth setup approach",
"inputSchema": {
"properties": {
"projectPath": {
"description": "Path to the project root",
"type": "string"
}
},
"required": [
"projectPath"
],
"type": "object"
},
"name": "analyze_project"
},
{
"description": "Install and configure Better-Auth in the project",
"inputSchema": {
"properties": {
"config": {
"description": "Better-Auth configuration options",
"properties": {
"apiKey": {
"type": "string"
},
"environment": {
"type": "string"
},
"projectId": {
"type": "string"
}
},
"required": [
"projectId",
"apiKey"
],
"type": "object"
},
"projectPath": {
"description": "Path to the project root",
"type": "string"
}
},
"required": [
"projectPath",
"config"
],
"type": "object"
},
"name": "setup_better_auth"
},
{
"description": "Detect and analyze existing auth.js/next-auth implementation",
"inputSchema": {
"properties": {
"projectPath": {
"description": "Path to the project root",
"type": "string"
}
},
"required": [
"projectPath"
],
"type": "object"
},
"name": "analyze_current_auth"
},
{
"description": "Create step-by-step migration plan from existing auth to Better-Auth",
"inputSchema": {
"properties": {
"currentAuthType": {
"description": "Current authentication system type",
"enum": [
"auth.js",
"next-auth"
],
"type": "string"
},
"projectPath": {
"description": "Path to the project root",
"type": "string"
}
},
"required": [
"projectPath",
"currentAuthType"
],
"type": "object"
},
"name": "generate_migration_plan"
},
{
"description": "Test authentication workflows",
"inputSchema": {
"properties": {
"flows": {
"description": "Authentication flows to test",
"items": {
"enum": [
"login",
"register",
"password-reset",
"2fa"
],
"type": "string"
},
"type": "array"
}
},
"required": [
"flows"
],
"type": "object"
},
"name": "test_auth_flows"
},
{
"description": "Run security tests on Better-Auth setup",
"inputSchema": {
"properties": {
"tests": {
"items": {
"enum": [
"password-policy",
"rate-limiting",
"session-management"
],
"type": "string"
},
"type": "array"
}
},
"required": [
"tests"
],
"type": "object"
},
"name": "test_security"
},
{
"description": "Analyze Better-Auth logs for issues",
"inputSchema": {
"properties": {
"timeRange": {
"description": "Time range to analyze (e.g. '24h', '7d')",
"type": "string"
}
},
"required": [
"timeRange"
],
"type": "object"
},
"name": "analyze_logs"
},
{
"description": "Real-time monitoring of authentication processes",
"inputSchema": {
"properties": {
"duration": {
"description": "Monitoring duration (e.g. '1h', '30m')",
"type": "string"
}
},
"required": [
"duration"
],
"type": "object"
},
"name": "monitor_auth_flows"
}
]