Skip to content

Commit c180308

Browse files
wdawsonclaudegithub-actions[bot]
authored
docs: add Auth0 setup guide (#991)
* docs: add Auth0 setup guide for User Sources (GRO-94) Third per-provider page under /guides/user-sources/, modeled on the Microsoft Entra ID and Okta pages. Walks an admin through creating a Regular Web Application in Auth0, configuring the Arcade redirect URL, and pasting the resulting Domain/Client ID/Client Secret into Arcade's User Source form. Includes two light-mode screenshots from a development tenant: - Create application dialog with Regular Web Application selected - Basic Information section showing Domain, Client ID, Client Secret Notes cover Auth0-specific quirks: - Tenant domain formats (region-prefixed vs older bare-domain) - Custom domain feature - Connection types (database / social / enterprise) as admin's choice - Client secret rotation pointer - Custom subject claims via Auth0 Actions, with the Auth0-specific note that `sub` is connection-prefixed (`auth0|...`, `google-oauth2|...`). Per Wils — no PKCE call-out; Auth0 doesn't expose a per-application PKCE toggle, so there's nothing for an admin to do. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * 🤖 Regenerate LLMs.txt * docs: address Vale style review on Auth0 page Two flags, both with bot suggestions that would have broken grammar: Google.Passive on "This is Auth0's confidential-client application type, which is required for the Authorization Code flow Arcade uses." The bot suggested "which the Authorization Code flow Arcade uses requires" — grammatically jammed and worse to read. Rewrote as a direct active sentence: "That choice gives Arcade the confidential- client setup and Authorization Code flow it needs." Google.We on the Tenant domains and regions note. The bot suggested appending "you" after "shows", but the actual cause is Vale's tokenizer catching `us` inside the URL example `<tenant>.us.auth0.com`. Genericized the example to `<tenant>.<region>.auth0.com` so there's no bare token that looks like a first-person plural pronoun. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs: fix broken Auth0 docs URLs + drop dashboard deep link Two URLs returned 404: - tenant-domains → real doc lives at auth0.com/docs/get-started/auth0-overview/create-tenants - Auth0 Actions "add user info" → real doc is the broader auth0.com/docs/secure/tokens/json-web-tokens/create-custom-claims Also drop the `cloud.arcade.dev/dashboard/user-sources` deep link (the SPA route is actually `/orgs/<org>/projects/<project>/user-sources`, so the bare /dashboard/user-sources path 400s). Replace with prose: "Open the Arcade Dashboard, select your project, navigate to **User Sources**..." Now that the Vale CI version is being bumped, restore real region examples (`<tenant>.us.auth0.com`, `<tenant>.eu.auth0.com`) instead of the genericized `<region>` placeholder. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * docs: drop broken User Sources dashboard deep links from overview, Entra, Okta The cloud.arcade.dev/dashboard/user-sources URL used on each page returns 400. The actual SPA route is /orgs/<org>/projects/<project>/user-sources, with no stable top-level shortcut. Replace the markdown links with prose: "Open the Arcade Dashboard, select your project, navigate to **User Sources**..." Leaves the rest of the docs' api.arcade.dev/dashboard/* references alone — those use a different host pattern that's been the long-standing convention across ~30 pages, and aren't the URL Wils reported as broken. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * ci: bump Vale to 3.14.2 in style-review workflows Local Vale (3.14.2) was reporting no findings on the Auth0 page while the CI Vale (3.9.5) was flagging false positives — including Google.We matching `us` inside the literal URL `<tenant>.us.auth0.com`. Newer Vale has refined token handling that correctly skips inline-code spans for these rules. Bumps both style-review.yml and style-structural-review.yml from 3.9.5 → 3.14.2 so reviewers and authors see the same set of flags. May surface new flags on already-merged pages that the older Vale missed; handle those as separate small follow-ups when they come up. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
1 parent 2171567 commit c180308

10 files changed

Lines changed: 106 additions & 6 deletions

File tree

.github/workflows/style-review.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -50,7 +50,7 @@ jobs:
5050

5151
- name: Install Vale
5252
run: |
53-
wget -qO- https://github.com/errata-ai/vale/releases/download/v3.9.5/vale_3.9.5_Linux_64-bit.tar.gz | tar xz -C /usr/local/bin vale
53+
wget -qO- https://github.com/errata-ai/vale/releases/download/v3.14.2/vale_3.14.2_Linux_64-bit.tar.gz | tar xz -C /usr/local/bin vale
5454
5555
- name: Sync Vale styles
5656
run: vale sync

.github/workflows/style-structural-review.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,7 @@ jobs:
4343

4444
- name: Install Vale
4545
run: |
46-
wget -qO- https://github.com/errata-ai/vale/releases/download/v3.9.5/vale_3.9.5_Linux_64-bit.tar.gz | tar xz -C /usr/local/bin vale
46+
wget -qO- https://github.com/errata-ai/vale/releases/download/v3.14.2/vale_3.14.2_Linux_64-bit.tar.gz | tar xz -C /usr/local/bin vale
4747
4848
- name: Sync Vale styles
4949
run: vale sync

app/en/guides/user-sources/_meta.tsx

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,9 @@ export const meta: MetaRecord = {
44
index: {
55
title: "Overview",
66
},
7+
auth0: {
8+
title: "Auth0",
9+
},
710
"microsoft-entra-id": {
811
title: "Microsoft Entra ID",
912
},
Lines changed: 96 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,96 @@
1+
---
2+
title: "Auth0"
3+
description: "Use Auth0 as a User Source so people who already sign in with their Auth0 account can sign in to your MCP Gateways"
4+
---
5+
6+
import Image from "next/image";
7+
import { Steps } from "nextra/components";
8+
9+
export const IMAGE_SCALE_FACTOR = 2;
10+
export const AUTH0_SCREENSHOT_WIDTH = 1552 / IMAGE_SCALE_FACTOR;
11+
export const AUTH0_SCREENSHOT_HEIGHT = 1099 / IMAGE_SCALE_FACTOR;
12+
13+
# Auth0
14+
15+
Use Auth0 as a User Source so the people who already sign in through your Auth0 tenant can sign in to your MCP Gateways. This guide walks you through what to do in the Auth0 dashboard. Once you have the values it tells you to copy, [create the User Source in Arcade](/guides/user-sources#create-a-user-source).
16+
17+
## Before you start
18+
19+
- An Auth0 account with permission to create applications in your tenant, typically the **Admin** role.
20+
- An Arcade project where you'll create the User Source.
21+
22+
## Register an application in Auth0
23+
24+
<Steps>
25+
26+
### Open the Auth0 dashboard
27+
28+
Sign in to your [Auth0 dashboard](https://manage.auth0.com/).
29+
30+
Go to **Applications****Applications**, then click **Create Application**.
31+
32+
### Choose Regular Web Application
33+
34+
In the **Create application** dialog, give the application a name your team will recognize, for example `Arcade User Source`. Under **Choose an application type**, select **Regular Web Application**. That choice gives Arcade the confidential-client setup and Authorization Code flow it needs. See Auth0's [application types reference](https://auth0.com/docs/get-started/applications) for more on each option.
35+
36+
Click **Create**. Auth0 opens the new application's **Settings** tab.
37+
38+
<Image
39+
alt="Create application dialog in the Auth0 dashboard with Regular Web Application selected"
40+
className="max-w-full mt-4"
41+
src="/images/user-sources/auth0/auth0-create-app-light.png"
42+
width={AUTH0_SCREENSHOT_WIDTH}
43+
height={AUTH0_SCREENSHOT_HEIGHT}
44+
/>
45+
46+
### Configure the Allowed Callback URLs
47+
48+
On the **Settings** tab, scroll to **Application URIs** and paste this URL into **Allowed Callback URLs**:
49+
50+
`https://cloud.arcade.dev/oauth2/intermediate_callback`
51+
52+
Leave the other URI fields (Allowed Logout URLs, Allowed Web Origins) empty unless you have a separate reason to set them. Scroll to the bottom of the Settings tab and click **Save Changes**.
53+
54+
### Copy the application credentials
55+
56+
Scroll back to the **Basic Information** section at the top of the **Settings** tab and copy three values:
57+
58+
- **Domain**
59+
- **Client ID**
60+
- **Client Secret**. Click the eye icon to reveal it before copying.
61+
62+
You'll paste these into Arcade in the next section.
63+
64+
<Image
65+
alt="Basic Information section of the Auth0 application Settings tab showing Domain, Client ID, and Client Secret fields"
66+
className="max-w-full mt-4"
67+
src="/images/user-sources/auth0/auth0-settings-light.png"
68+
width={AUTH0_SCREENSHOT_WIDTH}
69+
height={AUTH0_SCREENSHOT_HEIGHT}
70+
/>
71+
72+
</Steps>
73+
74+
## Copy these values to Arcade
75+
76+
Copy these values into Arcade's User Source form:
77+
78+
| Arcade field | Where to find it in Auth0 |
79+
|---|---|
80+
| **Issuer URL** | `https://<your-auth0-domain>/`, where `<your-auth0-domain>` is the **Domain** value from the application's **Settings** tab. Include the trailing slash. Auth0 emits the issuer with a trailing slash and Arcade matches the value exactly. |
81+
| **Client ID** | The **Client ID** field in **Basic Information**. |
82+
| **Client Secret** | The **Client Secret** field in **Basic Information**. |
83+
84+
## Create the User Source in Arcade
85+
86+
Open the Arcade Dashboard, select your project, navigate to **User Sources**, and click **Create User Source**. Paste the values from the table above. For a walkthrough of the form, see [Create a User Source](/guides/user-sources#create-a-user-source) in the User Sources overview.
87+
88+
Once the User Source is active, attach it to an MCP Gateway by following [Create via Dashboard](/guides/mcp-gateways/create-via-dashboard) and picking **User Source** under "Non-Arcade Users" in the gateway form.
89+
90+
## Notes
91+
92+
- **Tenant domains and regions**: Newer Auth0 tenants use region-prefixed domains such as `<tenant>.us.auth0.com` or `<tenant>.eu.auth0.com`. Older tenants use `<tenant>.auth0.com`. Either form works; copy exactly what the **Domain** field on the application's Settings tab displays. See Auth0's [tenant region documentation](https://auth0.com/docs/get-started/auth0-overview/create-tenants) for more on which region your tenant is in.
93+
- **Custom domains**: If you use Auth0's [custom domain feature](https://auth0.com/docs/customize/custom-domains) (for example, `auth.yourcompany.com`), use the custom domain as the **Issuer URL** hostname. End users see your branded domain on the sign-in page.
94+
- **Connections**: Auth0 lets you wire up database, social, and enterprise connections behind a single tenant. Arcade doesn't care which connections you've enabled, only that the end users who try to sign in have access to this application. Configure connections under **Authentication****Database / Social / Enterprise** in the Auth0 dashboard.
95+
- **Client secret rotation**: Auth0 lets you rotate the client secret from the **Settings** tab's **Basic Information** section. See [Rotate the client secret](/guides/user-sources#rotate-the-client-secret) in the User Sources guide for the Arcade side.
96+
- **Custom subject claims**: Arcade's default Subject Claim, `sub`, is Auth0's connection-prefixed user identifier (for example, `auth0|abc123` for a database user or `google-oauth2|abc123` for a Google-linked user). It's stable per user across the tenant. If you need Arcade to identify users by a different value, add a [custom claim](https://auth0.com/docs/secure/tokens/json-web-tokens/create-custom-claims) to the ID token via an Auth0 Action and set the User Source's **Subject Claim** to its name. Arcade only reads ID tokens, so the claim must be on the ID token (not the access token). See [Advanced: scopes and subject claim](/guides/user-sources#advanced-scopes-and-subject-claim) in the overview for what makes a good claim.

app/en/guides/user-sources/microsoft-entra-id/page.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -111,7 +111,7 @@ Leave Arcade's other defaults alone for a standard Entra setup. See [Optional: u
111111

112112
## Create the User Source in Arcade
113113

114-
Open the [User Sources dashboard](https://cloud.arcade.dev/dashboard/user-sources), click **Create User Source**, and paste the values from the table above. For a walkthrough of the form, see [Create a User Source](/guides/user-sources#create-a-user-source) in the User Sources overview.
114+
Open the Arcade Dashboard, select your project, navigate to **User Sources**, and click **Create User Source**. Paste the values from the table above. For a walkthrough of the form, see [Create a User Source](/guides/user-sources#create-a-user-source) in the User Sources overview.
115115

116116
Once the User Source is active, attach it to an MCP Gateway by following [Create via Dashboard](/guides/mcp-gateways/create-via-dashboard) and picking **User Source** under "Non-Arcade Users" in the gateway form.
117117

app/en/guides/user-sources/okta/page.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -96,7 +96,7 @@ Copy these values into Arcade's User Source form:
9696

9797
## Create the User Source in Arcade
9898

99-
Open the [User Sources dashboard](https://cloud.arcade.dev/dashboard/user-sources), click **Create User Source**, and paste the values from the table above. For a walkthrough of the form, see [Create a User Source](/guides/user-sources#create-a-user-source) in the User Sources overview.
99+
Open the Arcade Dashboard, select your project, navigate to **User Sources**, and click **Create User Source**. Paste the values from the table above. For a walkthrough of the form, see [Create a User Source](/guides/user-sources#create-a-user-source) in the User Sources overview.
100100

101101
Once the User Source is active, attach it to an MCP Gateway by following [Create via Dashboard](/guides/mcp-gateways/create-via-dashboard) and picking **User Source** under "Non-Arcade Users" in the gateway form.
102102

app/en/guides/user-sources/page.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -53,7 +53,7 @@ From your identity provider, copy the **issuer URL**, **client ID**, and **clien
5353

5454
### Open the User Sources dashboard
5555

56-
Go to the [User Sources dashboard](https://cloud.arcade.dev/dashboard/user-sources) for your project and click **Create User Source**.
56+
Open the Arcade Dashboard, select your project, navigate to **User Sources**, and click **Create User Source**.
5757

5858
### Fill in the User Source details
5959

274 KB
Loading
250 KB
Loading

public/llms.txt

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
<!-- git-sha: a34da7ac5970c7ea6f9c8bc54e74c1eb7be908cc generation-date: 2026-05-30T17:56:27.802Z -->
1+
<!-- git-sha: e7668fa68b8dbebdfdac68f07e0e8d92836100e2 generation-date: 2026-06-02T22:07:48.236Z -->
22

33
# Arcade
44

@@ -77,6 +77,7 @@ Arcade delivers three core capabilities: Deploy agents even your security team w
7777
- [Arcade with LangChain](https://docs.arcade.dev/en/get-started/agent-frameworks/langchain/overview): This documentation page provides guidance on integrating Arcade tools with LangChain agents, enabling users to build AI agents that can interact with various services like Gmail, GitHub, and Slack. It offers setup instructions for both Python and TypeScript, along with examples of
7878
- [Arcade with OpenAI Agents](https://docs.arcade.dev/en/get-started/agent-frameworks/openai-agents/overview): This documentation page guides users on how to integrate Arcade tools with the OpenAI Agents SDK, enabling the creation of AI agents that can interact with various services like Gmail, GitHub, and Slack. It provides setup instructions for both Python and TypeScript,
7979
- [Audit Logs for AI Agent Platforms](https://docs.arcade.dev/en/guides/audit-logs): This documentation page provides an overview of the automatic audit logging feature in Arcade.dev, detailing how it captures all administrative actions on the platform without requiring any setup. Users can access a filterable dashboard and utilize a REST API to programmatically retrieve audit logs for
80+
- [Auth0](https://docs.arcade.dev/en/guides/user-sources/auth0): Documentation page
8081
- [Authorized Tool Calling](https://docs.arcade.dev/en/guides/tool-calling/custom-apps/auth-tool-calling): The "Authorized Tool Calling" documentation provides a comprehensive guide for developers on how to securely implement OAuth 2.0, API keys, and user tokens to enable AI agents to access external services on behalf of users. It outlines the steps for initializing the
8182
- [Build a Tool](https://docs.arcade.dev/en/guides/create-tools/tool-basics): This documentation page provides a comprehensive guide on building custom tools using Arcade's MCP Server framework, enabling users to enhance AI agents with new capabilities. It serves as a starting point for beginners and a resource for those looking to add functionality to existing MCP servers.
8283
- [Build an AI agent with Arcade and Spring AI](https://docs.arcade.dev/en/get-started/agent-frameworks/springai): Documentation page

0 commit comments

Comments
 (0)