You're viewing a demo portfolio

Join the waitlist
PRSM
This tool is no longer present in the server's latest manifest. Showing the last observed version (server version 0.1.0).

manage_auth_config

Inactive

Tool of io.github.butterbase-ai/mcp

declared in 0.1.0

Manage authentication configuration for an app. Actions: - "configure_auth_hook": Configure a post-authentication hook function - "update_jwt": Update JWT token expiration times - "generate_service_key": Generate a new API key (service key) Parameters by action: configure_auth_hook: { app_id, action: "configure_auth_hook", post_auth_function } update_jwt: { app_id, action: "update_jwt", accessTokenTtl?, refreshTokenTtlDays? } generate_service_key: { action: "generate_service_key", name } --- ### configure_auth_hook Configure a post-authentication hook function for an app. When set, the specified Butterbase function is invoked (fire-and-forget) after every successful auth event: OAuth login, email login, and email signup. The hook function receives a JSON POST body: { "event": "oauth_login" | "signup" | "login", "user": { "id": "uuid", "email": "...", "provider": "google", "display_name": "...", "avatar_url": "..." }, "isNewUser": true | false, "provider": "google" | "github" | "email" | ... } The function runs as butterbase_service (RLS bypassed, ctx.user is null). Use the payload body to identify the user. Set post_auth_function to null to remove the hook. Prerequisites: The function must be deployed first (use deploy_function). Example — set hook: Input: { app_id: "app_abc123", action: "configure_auth_hook", post_auth_function: "on-auth" } Output: { auth_hook_function: "on-auth", message: "Post-auth hook set to function \"on-auth\"" } Example — remove hook: Input: { app_id: "app_abc123", action: "configure_auth_hook", post_auth_function: null } Output: { auth_hook_function: null, message: "Post-auth hook removed" } Common errors: - Function not found: Deploy the function first before configuring it as a hook. Idempotency: Safe to call multiple times (overwrites previous setting). --- ### update_jwt Update JWT token expiration times for access and refresh tokens. Example: Input: { app_id: "app_abc123", action: "update_jwt", accessTokenTtl: "1h", refreshTokenTtlDays: 30 } Output: { message: "JWT config updated", app_id: "app_abc123", jwt_config: { accessTokenTtl: "1h", refreshTokenTtlDays: 30 } } Token types: - Access token: Short-lived token for API requests (default: 15m) - Refresh token: Long-lived token to get new access tokens (default: 7 days) Time formats: - Access token: "15m", "1h", "2h", "1d" (s=seconds, m=minutes, h=hours, d=days) - Refresh token: Integer days (7, 30, 90) Use this to: - Increase security with shorter access tokens - Improve UX with longer refresh tokens - Balance security vs. convenience Common errors: - RESOURCE_NOT_FOUND: App doesn't exist - VALIDATION_INVALID_SCHEMA: Check time format is valid Idempotency: Safe to call multiple times (updates config). Note: Changes apply to new tokens only. Existing tokens keep their original expiration. --- ### generate_service_key Generate a new API key (service key) for programmatic access to the Control API. Use this to: - Create API keys for automation scripts - Generate keys for CI/CD pipelines - Provide keys to team members or services The generated key (bb_sk_...) can be used to: - Access all MCP tools programmatically - Call the Control API directly - Manage apps, schemas, functions, and data Example: Input: { action: "generate_service_key", name: "CI/CD Pipeline Key" } Output: { key: "bb_sk_a1b2c3d4e5f6...", key_id: "uuid-1234", prefix: "bb_sk_a1b2c3", name: "CI/CD Pipeline Key", created_at: "2024-01-15T10:00:00Z" } IMPORTANT: The full key is only shown ONCE. Store it securely - it cannot be retrieved again. Common errors: - AUTH_INSUFFICIENT_PERMISSIONS: Only authenticated users can generate keys Idempotency: Not idempotent - creates a new key each time. Security notes: - Keys have full access to all your apps and data - Treat keys like passwords - never commit them to git - Revoke keys immediately if compromised - Use descriptive names to track key usage Example — with substrate access: Input: { action: "generate_service_key", name: "Agent Key", substrate_access: true } Output: { key: "bb_sk_a1b2c3d4e5f6...", key_id: "uuid-1234", prefix: "bb_sk_a1b2c3", name: "Agent Key", created_at: "2024-01-15T10:00:00Z" } Note: key works on app endpoints AND on substrate endpoints for this account. ### generate_service_key (app-scoped, for function impersonation) Input: { app_id: "app_abc123", action: "generate_service_key", name: "My Function Caller", key_scope: "app" } Output: { key: "bb_sk_...", scopes: ["app:app_abc123", "ai:gateway"], ... } Use the returned key with the X-Butterbase-As-User header to invoke auth:required functions. ### generate_service_key (account-scoped, default) Input: { action: "generate_service_key", name: "Platform Admin" } Output: { key: "bb_sk_...", scopes: ["*"], ... } Use for AI gateway, integrations, control-API surfaces.

Parameters schema

{
  "type": "object",
  "$schema": "http://json-schema.org/draft-07/schema#",
  "required": [
    "action"
  ],
  "properties": {
    "name": {
      "type": "string",
      "description": "Descriptive name for the key (e.g., \"Production Deploy Key\") (generate_service_key only)"
    },
    "action": {
      "enum": [
        "configure_auth_hook",
        "update_jwt",
        "generate_service_key"
      ],
      "type": "string",
      "description": "The action to perform"
    },
    "app_id": {
      "type": "string",
      "description": "The app ID (required for configure_auth_hook and update_jwt); also required for generate_service_key when key_scope === 'app'."
    },
    "key_scope": {
      "enum": [
        "account",
        "app"
      ],
      "type": "string",
      "description": "Whether the key is scoped to your whole account or to a single app. Use 'app' (required for calling auth:required functions via X-Butterbase-As-User impersonation). Use 'account' for platform APIs. Default 'account'. (generate_service_key only)"
    },
    "accessTokenTtl": {
      "type": "string",
      "description": "Access token TTL (e.g., \"15m\", \"1h\", \"2h\", \"1d\"). Supports: s (seconds), m (minutes), h (hours), d (days) (update_jwt only)"
    },
    "substrate_access": {
      "type": "boolean",
      "description": "When true, the generated key works for BOTH app operations and substrate operations on the caller's substrate. Default false (app-only). (generate_service_key only)"
    },
    "additional_scopes": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "Optional extra scope tokens to add. Allowed: 'ai:gateway', 'substrate'. Do NOT pass 'app:<id>' or '*' — use key_scope instead. (generate_service_key only)"
    },
    "post_auth_function": {
      "type": [
        "string",
        "null"
      ],
      "description": "Name of deployed function to call after auth events, or null to remove (configure_auth_hook only)"
    },
    "refreshTokenTtlDays": {
      "type": "integer",
      "description": "Refresh token TTL in days (e.g., 7, 30) (update_jwt only)",
      "exclusiveMinimum": 0
    }
  },
  "additionalProperties": false
}

What this tool wraps· 0 endpoints

min confidence0.700.50

No endpoints wrapped at confidence ≥ 0.70.

Parent server

io.github.butterbase-ai/mcp

https://github.com/butterbase-ai/butterbase-oss

1/7 registries
View full server →
manage_auth_config — io.github.butterbase-ai/mcp — PRSM MCP