Bring Authentication
to Mastra AI
Learn how to connect SuperTokens to Mastra AI and start using 18 AI agent tools in minutes. Fully managed, enterprise secure, and ready to use without writing a single line of code.
GDPR Free for SubscribersCompatible with every major AI agent and IDE
Gemini
What is the SuperTokens MCP Server?
Connect your SuperTokens Core instance to any AI agent to manage user lifecycles, session security, and Role-Based Access Control (RBAC) through natural language.
What you can do
- User Management — Sign up new users, sign in existing ones, and retrieve detailed user profiles or link multiple accounts together.
- Session Control — Create, refresh, and revoke sessions (JWT or database-backed) to maintain tight security over user access.
- RBAC & Permissions — Create roles, define permissions, and assign them to users to manage authorization levels dynamically.
- User Metadata — Store and update custom JSON metadata for users to track preferences or application-specific data.
- Account Linking — Seamlessly link or unlink different recipe user IDs to a primary user identity.
How it works
- Subscribe to this server
- Enter your SuperTokens Core URL and API Key
- Start managing your authentication layer from Claude, Cursor, or any MCP-compatible client
Who is this for?
- Backend Developers — quickly debug user sessions or update roles without writing manual scripts or using a CLI.
- Support Teams — inspect user metadata and account status to resolve login issues or permission errors instantly.
- Security Engineers — audit roles and revoke suspicious sessions directly through a conversational interface.
Built-in capabilities (18)
Assign a role to a user
Bulk import users
Create or update a user role
Create or update a tenant
Create a new session for a user
Delete metadata for a user
Get tenant details
Get user details by ID
Get metadata for a user
Link two user accounts together
List all roles
List roles assigned to a user
Refresh an existing session
Remove/revoke a session
Sign in a user
Sign up a new user
Unlink a user account
Update metadata for a user
Why Mastra AI?
Mastra's agent abstraction provides a clean separation between LLM logic and SuperTokens tool infrastructure. Connect 18 tools through Vinkius and use Mastra's built-in workflow engine to chain tool calls with conditional logic, retries, and parallel execution. deployable to any Node.js host in one command.
- —
Mastra's agent abstraction provides a clean separation between LLM logic and tool infrastructure. add SuperTokens without touching business code
- —
Built-in workflow engine chains MCP tool calls with conditional logic, retries, and parallel execution for complex automation
- —
TypeScript-native: full type inference for every SuperTokens tool response with IDE autocomplete and compile-time checks
- —
One-command deployment to any Node.js host. Vercel, Railway, Fly.io, or your own infrastructure
SuperTokens in Mastra AI
SuperTokens and 4,000+ other MCP servers. One platform. One governance layer.
Teams that connect SuperTokens to Mastra AI through Vinkius don't need to source, host, or maintain individual MCP servers. Every tool call runs inside a hardened runtime with credential isolation, DLP, and a signed audit chain.
Raw MCP | Vinkius | |
|---|---|---|
| Server catalog | Find and host yourself | 4,000+ managed |
| Infrastructure | Self-hosted | Sandboxed V8 isolates |
| Credential handling | Plaintext in config | Vault + runtime injection |
| Data loss prevention | None | Configurable DLP policies |
| Kill switch | None | Global instant shutdown |
| Financial circuit breakers | None | Per-server limits + alerts |
| Audit trail | None | Ed25519 signed logs |
| SIEM log streaming | None | Splunk, Datadog, Webhook |
| Honeytokens | None | Canary alerts on leak |
| Custom domains | Not applicable | DNS challenge verified |
| GDPR compliance | Manual effort | Automated purge + export |
Why teams choose Vinkius for SuperTokens in Mastra AI
The SuperTokens MCP Server runs on Vinkius-managed infrastructure inside AWS — a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts. All 18 tools execute in hardened sandboxes optimized for native MCP execution.
Your AI agents in Mastra AI only access the data you authorize, with DLP that blocks sensitive information from ever reaching the model, kill switch for instant shutdown, and up to 60% token savings. Enterprise-grade infrastructure, zero maintenance.
* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure
How Vinkius secures
SuperTokens for Mastra AI
Every tool call from Mastra AI to the SuperTokens MCP Server is protected by DLP redaction, cryptographic audit chains, V8 sandbox isolation, kill switch, and financial circuit breakers.
Frequently asked questions
Can I retrieve specific user information using their ID?
Yes, by using the get_user tool with the specific User ID, you can fetch the full profile, including email and account linking status.
How do I assign a specific role like 'admin' to a user?
You can use the assign_role_to_user tool. Just provide the User ID and the role name to update their permissions immediately.
Is it possible to update custom user data or preferences?
Absolutely. The update_user_metadata tool allows you to pass a JSON object to store or update custom information for any user.
How does Mastra AI connect to MCP servers?
Create an MCPClient with the server URL and pass it to your agent. Mastra discovers all tools and makes them available with full TypeScript types.
Can Mastra agents use tools from multiple servers?
Yes. Pass multiple MCP clients to the agent constructor. Mastra merges all tool schemas and the agent can call any tool from any server.
Does Mastra support workflow orchestration?
Yes. Mastra has a built-in workflow engine that lets you chain MCP tool calls with branching logic, error handling, and parallel execution.
createMCPClient not exported
Install: npm install @mastra/mcp
Explore More MCP Servers
View all →
CallRail
10 toolsManage call tracking via CallRail — track calls, manage leads, and monitor marketing attribution directly from any AI agent.
Handwrytten
10 toolsAutomate handwritten notes via Handwrytten — manage cards, fonts, and send physical mail directly from any AI agent.
Customerly
8 toolsCombine live chat, email marketing, and customer surveys in one platform that helps SaaS companies grow and retain users.
Polygon.io
6 toolsAccess real-time and historical stock market data, including trades, quotes, aggregates, and company metadata directly via AI.