Corbado MCP. Manage user accounts, tokens, and complex login flows from chat.
Gemini Works with every AI agent you already use
…and any MCP-compatible client
Just plug in your AI agents and start using Vinkius.
Corbado manages your identity and access infrastructure. This server lets you handle the full user lifecycle—creating users, managing login identifiers (email/phone), handling passkeys, and controlling sessions—all through natural language commands from your AI agent.
What your AI agents can do
Complete auth process
Finalizes a multi-step authentication flow after initial credentials have been provided.
Create connect token
Generates a temporary ConnectToken required for certain authenticated actions.
Create identifier
Adds a new login identifier (like an email address or phone number) to an existing user profile.
Creates, deletes, updates, and retrieves complete records for specific users in your system.
Initiates complex login flows—like SSO or Passkey logins—and completes the necessary authentication steps to log a user in.
Adds, modifies, or removes specific identifiers (emails, phones) linked to any user account for verification.
Lists all current active sessions or instantly invalidates a session using the session ID.
Ask AI about this MCP
Supported MCP Clients
Gemini Waiting for input…
Corbado: 43 Tools for Authentication & IAM
Use these tools to control every aspect of a user's identity, from initiating logins and managing credentials to auditing active sessions.
019ea5f7complete auth process
Finalizes a multi-step authentication flow after initial credentials have been provided.
019ea5f7create connect token
Generates a temporary ConnectToken required for certain authenticated actions.
019ea5f7create identifier
Adds a new login identifier (like an email address or phone number) to an existing user profile.
019ea5f7create user
Creates a brand-new Corbado user account within the system.
019ea5f7delete connect token
Removes an existing ConnectToken to invalidate related sessions or actions.
019ea5f7delete identifier
Permanently removes a specific login identifier from a user's profile.
019ea5f7delete me
Logs out and deletes the currently authenticated user's session data.
019ea5f7delete user
Deletes a specified Corbado user account from the system entirely.
019ea5f7finish connect login
Completes a connection login process after initial setup steps have been taken.
019ea5f7finish identifier verify
Confirms and finalizes the verification process for a newly added login identifier.
019ea5f7finish passkey append
Finishes the flow when a user is adding a new passkey to their account.
019ea5f7finish passkey login
Completes the login process specifically using biometric or physical passkeys.
019ea5f7finish sso
Finalizes a Single Sign-On (SAML2) authentication sequence after redirecting through an identity provider.
019ea5f7get apple app site association
Retrieves the Apple App Site Association data necessary for linking mobile apps to user accounts.
019ea5f7get assetlinks
Fetches the Asset Links required to verify ownership of a domain from an app package.
019ea5f7get auth process
Retrieves the necessary parameters and steps needed to begin any authentication process (login, signup, etc.).
019ea5f7get jwks
Gets the JSON Web Key Set data used for cryptographic verification of tokens.
019ea5f7get me
Retrieves basic details about the currently authenticated user, including their ID and status.
019ea5f7get user
Fetches detailed information for any specific Corbado user ID provided to the tool.
019ea5f7init auth process
Starts a generic, foundational authentication process flow when an unknown login method is used.
019ea5f7init connect login
Begins the standardized Connect login workflow to authenticate a user.
019ea5f7init login
Starts the basic, primary login flow for a Corbado account.
019ea5f7init signup
Kicks off the initial user registration process to create a new account.
019ea5f7list connect passkeys
Lists all registered passkeys associated with the current connected user's account.
019ea5f7list connect tokens
Retrieves a list of ConnectTokens currently held or associated with the user.
019ea5f7list identifiers
Lists all login identifiers (emails, usernames) attached to the current user's profile.
019ea5f7list sessions
Retrieves a list of every active session currently logged into the Corbado system.
019ea5f7list users
Outputs a paginated list containing basic details for all users in the project.
019ea5f7logout me
Ends the current user's session, forcing them to log out immediately.
019ea5f7refresh me
Extends the lifespan of the existing authentication session without requiring a password re-entry.
019ea5f7reset auth process
Clears any partially completed or stuck state from an ongoing authentication flow, allowing the user to start over.
019ea5f7revoke session
Ends a specific, identified session immediately and permanently.
019ea5f7skip auth block
Temporarily bypasses required authentication checks for testing or administrative purposes.
019ea5f7start connect login
Initiates the Connect login process, prompting the user to start authenticating via a specific method.
019ea5f7start identifier verify
Begins the workflow required to verify an identifier (like confirming ownership of an email address).
019ea5f7start passkey append
Starts the flow for a user who wants to add a new passkey to their existing account.
019ea5f7start passkey login
Begins the biometric or hardware-based login process using a registered passkey.
019ea5f7start sso
Initiates the Single Sign-On flow by redirecting the user to an external identity provider (SAML2).
019ea5f7update auth identifier
Changes or updates a specific login identifier for a user, often used when verifying ownership of new contact info.
019ea5f7update identifier
Modifies the details associated with an existing login identifier (e.g., correcting a phone number).
019ea5f7update me
Updates profile information for the currently logged-in user, like their name or display email.
019ea5f7update user
Modifies any non-critical details (like name or role) for a specific Corbado user ID.
019ea5f7verify signed data
Checks and confirms the integrity of data signed by a passkey, ensuring the request is legitimate.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on every call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with Corbado, then connect any of our 4,700+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 4,700+ others, all in one place
- Add new capabilities to your AI anytime you want
- Every connection is secured and compliant automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog every week
What you can do with this MCP connector
Corbado manages your entire identity layer. You connect your AI client here to handle every step of a user's lifecycle, from initial sign-up through session revocation. This server gives your agent direct access to core authentication logic, letting you audit and modify account state using natural language commands.
Managing User Accounts
You can control the full user lifecycle directly. Use create_user to build a brand-new Corbado account, or call get_user with an ID to pull all detailed records for any specific user. If you need to modify basic profile details—like changing a name or role—you'll use update_user. To clean up accounts, you can delete a full record using delete_user, or if the current agent is logged in and needs to log out, it uses logout_me or calls delete_connect_token.
Controlling Credentials and Identifiers
Managing what a user is requires multiple steps. To add a new login method—like an email address or phone number—you use create_identifier. If you need to change contact info, the agent uses update_identifier or, for specific cases, update_auth_identifier. You can list every identifier attached to the current user's profile with list_identifiers, and if a credential is stale or incorrect, you can remove it entirely using delete_identifier.
For managing hardware keys, tools like start_passkey_append allow you to add new passkeys; you'll confirm ownership later with finish_passkey_append, and list all existing ones via list_connect_passkeys.
Authentication Flows: Starting the Login
When a user needs access, your agent starts specific flows. For basic sign-ups, it calls init_signup. If you're starting from scratch with an unknown login method, use init_auth_process. To start the primary, foundational login process for an existing account, you run init_login, while the standardized Connect workflow kicks off with init_connect_login or start_connect_login.
For enterprise environments, Single Sign-On starts by calling start_sso, which redirects users through external identity providers. If a user has passkeys, they start the process using start_passkey_login, and if you need to verify ownership of an identifier first, use start_identifier_verify.
Authentication Flows: Completing and Securing Sessions
The server handles all state transitions after initial steps are taken. After providing credentials, the agent completes a standard login with complete_auth_process. If it's SSO, you finish the sequence using finish_sso once the identity provider confirms the user. When logging in with passkeys, the flow wraps up by executing finish_passkey_login, which relies on verifying signed data via verify_signed_data.
You can also complete a connection login using finish_connect_login or finalize an identifier verification with finish_identifier_verify. If an authentication process gets stuck or fails midway, you use reset_auth_process to clear the state and let the user start over.
Monitoring Activity and State
The system gives you granular visibility into who's logged in. Call get_me for basic details about the currently authenticated user. To see detailed information on any specific account, use get_user. For session control, running list_sessions outputs every active connection ID. If a session needs to end immediately, you can force it closed using revoke_session, or if the current agent logs out, it calls logout_me.
You'll also need refresh_me when you want to extend an existing session without forcing the user to re-enter their password.
How Corbado MCP Works
- 1 Subscribe to this server and provide your Corbado Project credentials (Project ID, API Secret, Backend URL).
- 2 Instruct your AI agent to perform an action—for example, 'List all users who registered last week' or 'Revoke the session for user X'.
- 3 The tool executes the command, returns structured data about the requested operation, and allows the agent to follow up with related commands.
The bottom line is: you use a single prompt in your chat client to manage complex identity state changes that used to take multiple API calls or dashboard clicks.
Who Is Corbado MCP For?
Backend developers who get stuck debugging auth flows at 2 AM. Security engineers who have to audit hundreds of active sessions for compliance. Product Managers needing fast user growth metrics without leaving their development environment.
Uses tools like init_auth_process or get_user directly in the IDE to debug why a specific user's session failed, without having to spin up a local test environment.
Runs 'list all active sessions' and uses revoke_session immediately when suspicious activity is flagged in a support ticket.
Checks user adoption and onboarding health by running list_users to see registration status across the project.
What Changes When You Connect
- Instant Audit: Need to see who's logged in? Use
list_sessionsand get a real-time list of active connections. You don't have to check the dashboard—you just ask your agent. - Complex Auth, Simple Prompt: Authentication today involves SSO, passkeys, and multiple steps. With tools like
init_auth_process, you initiate the whole thing with one prompt, letting your agent guide you through the state changes. - Credential Control: Forget manual database updates for user emails or phone numbers. Use
create_identifierto add a new login ID orupdate_identifierto fix old ones—all from natural language. - Full User Lifecycle Management: From creating a brand-new account with
create_userto deleting it completely withdelete_user, you handle the entire user journey without leaving your chat client. - Security Reset: If a session gets hijacked, don't panic. Call
revoke_sessionand instantly cut off access using just the session ID.
Real-World Use Cases
Support Engineer needs to investigate a suspicious login attempt.
A user calls in saying their account was logged in from an unknown location. The engineer asks the agent: 'List all sessions for user ID X.' The agent runs list_sessions, shows the active entry, and then immediately uses revoke_session to lock it down. Problem solved in seconds.
Backend Dev debugging a failed passkey enrollment.
The developer knows the user needs to add a new biometric key but gets stuck on step 3 of the flow. They prompt the agent: 'Help me complete the passkey append for this user.' The agent runs start_passkey_append, and then guides them through the necessary final steps until they hit finish_passkey_append.
Product Manager wants to measure new signups.
The PM needs a quick count of newly registered users for their weekly report. They prompt: 'Show me all Corbado users created in the last 7 days.' The agent runs list_users, filters the output, and provides the exact data needed for the sprint review.
Admin needs to fix a user's outdated phone number.
The admin realizes User Y’s profile has an old phone number. They ask the agent: 'Update the primary identifier for User Y with 555-1234.' The agent uses update_identifier and confirms that the new credential is now correctly linked.
The Tradeoffs
Trying to manage state manually.
The developer tries to simulate a full login flow by calling init_login, then forgetting to call one of the subsequent required tools like finish_connect_login. The system fails because the auth state is incomplete.
→
Always treat authentication as a sequence. Start with get_auth_process first, then use the specific 'start' tool (like start_sso), and finally ensure you run the corresponding 'finish' tool to finalize the flow.
Updating data without checking permissions.
An agent attempts to call update_user on a user ID that doesn't belong to them or that is currently locked out. The operation fails, and the developer wastes time manually checking access logs.
→
Before modifying any user record, always run get_me (if acting on behalf of yourself) or get_user to verify current status and required permissions.
Using generic tokens for specific tasks.
The developer tries to use a general token update tool when they actually need to change the user's email. This results in data loss or an incorrect credential type being assigned.
→
Be precise with your calls. For changing emails, use update_identifier or create_identifier. Don't rely on generic tools for specific credential changes.
When It Fits, When It Doesn't
Use this server if you need granular control over every step of a user’s identity journey—from initial signup to session revocation. It's built for systems where the state (is the user logged in? does this ID exist?) matters more than just storing data.
Don't use this if your only goal is simple, single-function data storage or retrieval of non-auth information (e.g., product catalog details). For those cases, a standard CRUD toolset targeting that specific domain would be cleaner and less complex. If you only need to manage basic user records without handling the full authentication flow, stick to simpler services; Corbado is for identity gatekeeping.
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Corbado. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS INFRASTRUCTURE
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on every call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
Works with Claude, ChatGPT, Cursor, and more
The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.
This server provides 43 capabilities that interface natively with Claude, ChatGPT, Cursor, and any MCP client. No middleware. No custom integration required.
Available Capabilities
Debugging auth flows shouldn't require switching between five different tabs.
Today, if a login fails, you have to jump through hoops: check the main dashboard for session IDs, copy that ID into the logs viewer, then open the user management panel to see their last activity, and finally cross-reference an external service's status page. It’s manual, it’s slow, and you're always losing context.
With Corbado MCP Server, you ask your agent one thing: 'What happened with this login?' The agent runs `get_auth_process` or `list_sessions`, pulls the exact error code, identifies the failing credential (`create_identifier`), and tells you exactly which step needs fixing. You get context instantly.
Corbado MCP Server: Manage Passkeys from Chat
Manually onboarding a user with passkeys means coordinating multiple services: initiating the enrollment, verifying the device ownership, and finally updating the user record. This used to involve API calls across three different microservices just to get one key registered.
Now, you simply prompt your agent using `start_passkey_append`. The agent manages the complex state transition through the necessary steps—from initial request to final confirmation (`finish_passkey_append`)—and gets the passkey linked. It's that clean.
Common Questions About Corbado MCP
What does `init_auth_process` do? +
init_auth_process starts a generic authentication flow when you don't know which specific login method (like SSO or passkey) to use. It retrieves the necessary starting parameters needed to guide the user toward successful authentication.
How do I check if a session is active using `list_sessions`? +
list_sessions returns a list of all currently logged-in sessions, giving you the unique Session ID and the last activity timestamp. This lets you see who's connected without having to guess.
What is `revoke_session`? +
revoke_session immediately ends a user's access using a specific session ID. It’s your kill switch for suspicious or abandoned accounts, running the operation instantly via the agent.
Can I update a username with `update_user`? +
Yes, update_user modifies general details like the user's name or profile description. If you are changing their login identifier (like email), you must use update_identifier instead.
How do I make a new user account using `create_user`? +
create_user creates the core record for a brand-new Corbado user. This tool establishes the user ID and basic profile, but you'll likely need to follow up with create_identifier to give them an email or phone number.
If I use `start_passkey_login`, what are the subsequent steps? +
It initiates the multi-step passkey flow. After calling it, you must follow up by using a corresponding confirmation tool (like finish_passkey_login) to complete authentication and verify the user's device.
How do I manage or change a user’s email address with `create_identifier`? +
You use it to add, update, or delete specific login methods (emails, phone numbers) for any user. Note that newly created identifiers often enter a 'pending' state until the system verifies them.
If I run `delete_user`, does that automatically remove all associated tokens? +
It deletes the core user record, but you should explicitly use tools like list_connect_tokens and then delete_connect_token to clean up any active or orphaned connection tokens first. Better safe than sorry.
Use it with your favorite AI tools
Connect this server to Cursor, Claude, VS Code, and more.
More in this category
42Crunch
Automate API security testing via 42Crunch — manage collections, trigger audits, run conformance scans, and retrieve security reports directly from any AI agent.
Irys
Manage permanent data storage on Irys — check storage prices, query transactions via GraphQL, and manage balances across multiple tokens.
Blockdaemon (Blockchain Infrastructure)
Access institutional-grade blockchain data across multiple protocols — list blocks, track transactions, and retrieve financial reports via Blockdaemon Ubiquity.
You might also like
Texter
Send automated text messages and run SMS drip campaigns that engage leads and customers with timely follow-ups.
JD Cloud Infrastructure
Manage JD Cloud supply-chain infrastructure from your AI. Control VMs, disks, databases, and monitor resource metrics.
Better Proposals
Create and manage professional proposals via Better Proposals — list proposals, contacts, and templates directly from any AI agent.