# Corbado MCP

> Corbado manages your entire user lifecycle and authentication processes through this MCP. It lets you programmatically create users, manage login identifiers like emails and phones, handle complex passkey logins, and audit active sessions directly from your AI agent.

## Overview
- **Category:** developer-tools
- **Price:** Free
- **Tags:** passkeys, authentication, user-management, identity-provider, passwordless

## Description

This MCP connects your identity infrastructure to any compatible client, letting your agent perform actions across the whole user lifecycle. Need to check if a user exists or reset an old session? It handles everything from creating new accounts to revoking access instantly. You can manage all login identifiers—emails, phone numbers, usernames—and even orchestrate complex flows like Single Sign-On (SSO) and passkey authentication without touching the UI. Because Vinkius hosts this MCP in its catalog, you connect once to your preferred AI client and gain immediate control over robust identity management.

It's built for security; you can list all active sessions or run a full user audit simply by asking natural language questions.

## Tools

### complete_auth_process
Finalizes a multi-step authentication sequence after initial setup.

### create_connect_token
Generates a new token needed to establish connectivity for the user.

### create_identifier
Adds a new login method, such as an email address or phone number, to an account.

### create_user
Creates a brand new user profile in the system.

### delete_connect_token
Removes an existing connection token associated with a user.

### delete_identifier
Permanently removes a specific login method (like an email) from a user's profile.

### delete_me
Logs out and deletes the current user's session data for cleanup.

### delete_user
Deletes an entire user account from the system.

### finish_connect_login
Completes the connection login process after starting it with your agent.

### finish_identifier_verify
Confirms and activates a newly added user identifier after verification is complete.

### finish_passkey_append
Finalizes the process of adding a new passkey to an account.

### finish_passkey_login
Completes the secure login flow using a biometrically verified passkey.

### finish_sso
Finalizes Single Sign-On (SAML2) authentication after redirection.

### get_apple_app_site_association
Retrieves the required file data for Apple's App Site Association verification.

### get_assetlinks
Fetches asset links, confirming your app ownership to Google Play services.

### get_auth_process
Retrieves the current status and necessary steps for an ongoing authentication process.

### get_jwks
Fetches the JSON Web Key Set (JWKS) used for verifying security tokens.

### get_me
Retrieves and displays the current user's profile details.

### get_user
Fetches specific, detailed information about any existing user by ID.

### init_auth_process
Starts a general authentication process when a user attempts to log in.

### init_connect_login
Initiates the initial connection login sequence for a user.

### init_login
Starts a standard, general login flow for the current user.

### init_signup
Begins the process of creating and registering a new user account.

### list_connect_passkeys
Shows all passkeys currently linked to the connected account.

### list_connect_tokens
Lists all active connection tokens associated with the user.

### list_identifiers
Displays a comprehensive list of every login method attached to an account.

### list_sessions
Retrieves a list of all active user sessions across devices.

### list_users
Lists every single user profile within the entire Corbado project.

### logout_me
Ends the current user's session and logs them out immediately.

### refresh_me
Extends the lifespan of an expiring security token without re-logging in.

### reset_auth_process
Clears and restarts a stalled or problematic authentication sequence.

### revoke_session
Forces the immediate termination of any specified user session.

### skip_auth_block
Bypasses a required authentication step for testing or maintenance purposes.

### start_connect_login
Begins the connect login flow, often used for client-side integrations.

### start_identifier_verify
Starts the process of verifying a user's provided identifier (like an email).

### start_passkey_append
Initiates the flow for adding a new passkey to an existing account.

### start_passkey_login
Starts the login sequence specifically using a passkey method.

### start_sso
Kicks off the Single Sign-On (SAML2) authentication redirect.

### update_auth_identifier
Modifies an existing login method, such as changing a user's associated email address.

### update_identifier
Updates the details of a specific login identifier for better accuracy.

### update_me
Allows the current user to update their own profile information.

### update_user
Modifies any existing user's details by providing a unique ID.

### verify_signed_data
Checks and validates the integrity of passkey data provided by the client device.

## Prompt Examples

**Prompt:** 
```
List all users in my Corbado project.
```

**Response:** 
```
I've retrieved the user list. You have 150 users in this project. The most recent users include 'John Doe' (active) and 'Jane Smith' (pending). Would you like to see more details for a specific user?
```

**Prompt:** 
```
Get the details for user ID usr-123456789.
```

**Response:** 
```
User 'usr-123456789' is currently 'active'. Their full name is 'Alice Vance'. They were created on October 12th, 2023. Would you like to list their identifiers or active sessions?
```

**Prompt:** 
```
Add the email 'dev@example.com' as an identifier for user usr-123456789.
```

**Response:** 
```
I've successfully added 'dev@example.com' as an email identifier for Alice Vance (usr-123456789). The identifier is currently in 'pending' status until verified.
```

## Capabilities

### Manage User Accounts
Create, retrieve details on, update, and delete entire user profiles.

### Control Login Identifiers
Add, remove, or list all associated emails, phone numbers, and usernames for any account.

### Handle Passkey Authentication
Initiate and finalize the process of adding new passkeys or logging in using biometrics.

### Audit and Revoke Access
List all currently active sessions and instantly kill access for security purposes.

### Execute Complex Auth Flows
Initiate specific, multi-step authentication processes like SSO or standard Connect logins.

## Use Cases

### Onboarding Audit
A PM needs to know which new users haven't set up their phone number. They ask their agent to list all identifiers and filter for 'missing phone'. The agent runs the necessary calls, showing only accounts that need immediate attention.

### Security Incident Response
A security engineer receives an alert about a rogue session. Instead of logging into multiple dashboards, they ask their agent to list all active sessions and then run `revoke_session` on the suspicious ID immediately.

### Debugging Login Failures
A backend developer encounters a login failure. They use the agent to get the current authentication process status with `get_auth_process`, quickly identifying if the issue is in the token creation (`create_connect_token`) or the final step.

### User Data Migration
A team needs to update a user's primary email address across systems. They use the agent to run `get_user` first, then execute `update_identifier`, ensuring the change is logged and effective.

## Benefits

- Audit all user accounts instantly. Instead of running complex database queries or manually checking logs, simply ask your agent to list all project users using the `list_users` tool. You get a clean report immediately.
- Respond faster to support tickets by controlling sessions. If you suspect an account is compromised, use `list_sessions` to find active logins and run `revoke_session` to kill access in seconds.
- Streamline complex logins with built-in flows. Whether it's a new user signing up (`init_signup`) or completing SSO (`start_sso`), this MCP handles the entire sequence, eliminating manual redirects.
- Secure your application with passkeys. You can initiate and finalize advanced methods like adding a key (`start_passkey_append` followed by `finish_passkey_append`) directly through conversation.
- Improve developer workflow dramatically. Need to check if a user's email is valid or add it? Use `create_identifier` and then confirm the status with `list_identifiers`—all within your IDE, no context switching required.

## How It Works

The bottom line is you treat user authentication and management as simple conversation prompts for your AI client.

1. Subscribe to this MCP on Vinkius and enter your unique Corbado Project ID, API Secret, and Backend URL.
2. Authorize your AI client to connect to the identity service via Vinkius's secure connection method.
3. Ask your agent to perform a specific task, like 'List all users who signed up last month,' and it executes the action.

## Frequently Asked Questions

**How do I list all users in Corbado using this MCP?**
You use the `list_users` tool. This retrieves every user profile within your project, giving you a complete roster of accounts to audit.

**Can I force a user out of their session with Corbado?**
Yes, running `revoke_session` is how you instantly terminate any active connection. This is critical for security audits and incident response.

**What is the difference between `create_user` and `init_signup` in Corbado?**
`create_user` makes a user account programmatically, bypassing an actual sign-up flow. `init_signup` starts the natural process that guides a new person through registration.

**How does Corbado handle passkeys with this MCP?**
You manage them in multiple steps: starting the append (`start_passkey_append`), then calling `finish_passkey_append` to secure the new key.

**If I change a user's email, do I use Corbado MCP?**
Yes, you update it using the `update_identifier` tool. This ensures the system records the change correctly and keeps your identifiers current.