Bring Authentication
to Windsurf
Learn how to connect Descope (Auth Platform) to Windsurf and start using 33 AI agent tools in minutes. Fully managed, enterprise secure, and ready to use without writing a single line of code.
GDPR Free for SubscribersCompatible with every major AI agent and IDE
Gemini
What is the Descope (Auth Platform) MCP Server?
Connect Descope to your AI agent to manage and test user authentication flows through natural conversation. Descope is a drag-and-drop authentication and user management platform for any application.
What you can do
- OTP Authentication — Initiate and verify One-Time Passwords via Email, SMS, or Voice using tools like
auth_otp_signup_emailandauth_otp_verify_email. - Magic & Enchanted Links — Send secure sign-up/sign-in links and poll for session completion with
auth_magiclink_signup_emailorauth_enchantedlink_poll. - OAuth Integration — Start OAuth flows with providers like Google and exchange codes for active sessions using
auth_oauth_authorize. - Password Management — Handle traditional password-based sign-ups via
auth_password_signup. - Session Verification — Verify tokens and manage the authentication lifecycle directly from your workspace.
How it works
- Subscribe to this server
- Enter your Descope Project ID and optional Management Key
- Start managing your auth flows from Claude, Cursor, or any MCP-compatible client
Who is this for?
- Developers — Test authentication logic and verify OTP/Magic Link flows without leaving the terminal or IDE.
- QA Engineers — Automate the verification of sign-up and sign-in processes through natural language queries.
- Product Managers — Quickly inspect how different auth providers and methods are configured in your project.
Built-in capabilities (33)
Poll for Enchanted Link session
Sign up a user via Enchanted Link
Verify an Enchanted Link token
Exchange an access key for a session JWT
Get public keys for session validation
Sign up or sign in a user via Magic Link
Verify a Magic Link token
Start OAuth flow
Exchange OAuth code for session
Sign in a user via Email OTP
Sign up a user via Email OTP
Sign up a user via SMS OTP
Sign up a user via Voice OTP
Verify an Email OTP
Verify an SMS OTP
Verify a Voice OTP
Reset a user password
Sign in a user with a password
Sign up a user with a password
Finish WebAuthn sign in
Start WebAuthn sign in
Finish WebAuthn sign up
Start WebAuthn sign up
Create a new access key (M2M)
Create a new permission
Create a new role
Create a new tenant
Create a new user
Delete a user
Load a user by login ID
Load all tenants
Search for users
Update an existing user
Why Windsurf?
Windsurf's Cascade agent chains multiple Descope (Auth Platform) tool calls autonomously. query data, analyze results, and generate code in a single agentic session. Paste Vinkius Edge URL, reload, and all 33 tools are immediately available. Real-time tool feedback appears inline, so you see API responses directly in your editor.
- —
Windsurf's Cascade agent autonomously chains multiple tool calls in sequence, solving complex multi-step tasks without manual intervention
- —
Purpose-built for agentic workflows. Cascade understands context across your entire codebase and integrates MCP tools natively
- —
JSON-based configuration means zero code changes: paste a URL, reload, and all 33 tools are immediately available
- —
Real-time tool feedback is displayed inline, so you see API responses directly in your editor without switching contexts
Descope (Auth Platform) in Windsurf
Descope (Auth Platform) and 4,000+ other MCP servers. One platform. One governance layer.
Teams that connect Descope (Auth Platform) to Windsurf through Vinkius don't need to source, host, or maintain individual MCP servers. Every tool call runs inside a hardened runtime with credential isolation, DLP, and a signed audit chain.
Raw MCP | Vinkius | |
|---|---|---|
| Server catalog | Find and host yourself | 4,000+ managed |
| Infrastructure | Self-hosted | Sandboxed V8 isolates |
| Credential handling | Plaintext in config | Vault + runtime injection |
| Data loss prevention | None | Configurable DLP policies |
| Kill switch | None | Global instant shutdown |
| Financial circuit breakers | None | Per-server limits + alerts |
| Audit trail | None | Ed25519 signed logs |
| SIEM log streaming | None | Splunk, Datadog, Webhook |
| Honeytokens | None | Canary alerts on leak |
| Custom domains | Not applicable | DNS challenge verified |
| GDPR compliance | Manual effort | Automated purge + export |
Why teams choose Vinkius for Descope (Auth Platform) in Windsurf
The Descope (Auth Platform) MCP Server runs on Vinkius-managed infrastructure inside AWS — a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts. All 33 tools execute in hardened sandboxes optimized for native MCP execution.
Your AI agents in Windsurf only access the data you authorize, with DLP that blocks sensitive information from ever reaching the model, kill switch for instant shutdown, and up to 60% token savings. Enterprise-grade infrastructure, zero maintenance.
* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure
How Vinkius secures
Descope (Auth Platform) for Windsurf
Every tool call from Windsurf to the Descope (Auth Platform) MCP Server is protected by DLP redaction, cryptographic audit chains, V8 sandbox isolation, kill switch, and financial circuit breakers.
Frequently asked questions
How do I verify an email OTP code sent to a user?
Use the auth_otp_verify_email tool by providing the user's loginId (email) and the code they received. The agent will return the session details if the verification is successful.
Can I start a Google OAuth login flow using this server?
Yes. Use the auth_oauth_authorize tool with 'google' as the provider and specify your redirectURL. The agent will initiate the OAuth flow for you.
What is the purpose of the enchanted link polling tool?
The auth_enchantedlink_poll tool allows the agent to check the status of a pending enchanted link authentication using a pendingRef. It helps determine if the user has clicked the link and completed the session.
How does Windsurf discover MCP tools?
Windsurf reads the mcp_config.json file on startup and connects to each configured server via Streamable HTTP. Tools are listed in the MCP panel and available to Cascade automatically.
Can Cascade chain multiple MCP tool calls?
Yes. Cascade is an agentic system. it can plan and execute multi-step workflows, calling several tools in sequence to accomplish complex tasks without manual prompting between steps.
Does Windsurf support multiple MCP servers?
Yes. Add as many servers as needed in mcp_config.json. Each server's tools appear in the MCP panel and Cascade can use tools from different servers in a single flow.
Server not connecting
Check Settings → MCP for the server status. Try toggling it off and on.
Explore More MCP Servers
View all →
Bilflo
10 toolsManage your staffing operations via Bilflo — list clients, contractors, and timecards directly from any AI agent.
Fera.ai
12 toolsManage reviews and social proof via Fera.ai — list customer feedback, track product ratings, and monitor UGC directly through your AI agent.
UKG Pro Workforce Management
4 toolsManage schedules, timesheets, accruals, and time-off requests via UKG Pro WFM.
Delta Projects
10 toolsEquip your AI agent to manage ad campaigns, monitor performance, and audit creatives via the Delta Projects API.