better-auth

The Better Auth MCP Server provides enterprise-grade authentication tooling that can manage credentials securely, support multiple authentication protocols (OAuth2, SAML, LDAP), and monitor authentication activity in real time. It exposes a collection of core tools such as analyze_project to assess auth setup, setup_better_auth to configure providers with your project ID and API key, analyze_current_auth to detect existing auth.js or NextAuth implementations, and generate_migration_plan to outline migration steps. Additional capabilities include test_auth_flows to validate login, registration, and 2FA flows; test_security to run OWASP-aligned checks; analyze_logs to review auth system logs; and monitor_auth_flows for real-time monitoring. You can also inspect resources via better-auth://config for current configuration and better-auth://logs for logs. These tools can be invoked from your application code using mcp.useTool with the appropriate tool name and parameters.

Prerequisites:

• Node.js and npm installed on your system.
• Access to the MCP server repository (clone or npm package).

Install from the repository or package registry:

1. Clone the repository: git clone https://github.com/better-auth-mcp-server/better-auth-mcp-server.git cd better-auth-mcp-server

2. Install dependencies: npm install

3. Build the server (production build): npm run build

4. Optional: Run in development mode with auto-rebuild (watch): npm run watch

5. If you prefer using Smithery for distribution/config (optional): npx -y @smithery/cli install @nahmanmate/better-auth-mcp-server --client claude

Configure your MCP client to point to the built server, for example by updating your Claude Desktop config to load the server: On MacOS: ~/Library/Application Support/Claude/claude_desktop_config.json On Windows: %APPDATA%/Claude/claude_desktop_config.json

Example configuration snippet for Claude Desktop integration: { "mcpServers": { "better-auth-mcp-server": { "command": "node", "args": ["/path/to/better-auth-mcp-server/build/index.js"], "disabled": false, "alwaysAllow": [] } } }

Environment variables are required for proper operation and security:

• BETTER_AUTH_PROJECT_ID and BETTER_AUTH_API_KEY should be set to your project credentials and kept secret.
• BETTER_AUTH_ENV can help differentiate deployments (development, staging, production).
• LOG_LEVEL controls the verbosity of logs (info, debug, error). If debugging MCP servers, you can rely on the MCP Inspector tooling to inspect stdio communication and trace tool invocations. Ensure network access to authentication providers (OAuth2, SAML, LDAP) is allowed from where the MCP server runs. For production, rotate API keys regularly and enforce least privilege when configuring access controls. Common issues include misconfigured environment variables, incorrect index.js path after build, and firewall rules blocking provider endpoints. The provided examples show how to wire the server into Claude Desktop; adapt paths to your environment accordingly.