naftiko: 1.0.0-alpha2 info: label: Auth0 API — Authorize User description: 'Auth0 API — Authorize User. 1 operations. Lead operation: Auth0 Authenticate a user with a social provider, Database/AD/LDAP (Passive), SAML/Windows Azure AD (Passive), Authorization Code Flow, Authorization Code Grant (PKCE) Flow, or Implicit Flow. Self-contained Naftiko capability covering one Auth0 business surface.' tags: - Auth0 - Authorize User created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: AUTH0_API_KEY: AUTH0_API_KEY capability: consumes: - type: http namespace: auth0-authorize-user baseUri: '' description: Auth0 API — Authorize User business capability. Self-contained, no shared references. resources: - name: authorize path: /authorize operations: - name: authorize method: GET description: Auth0 Authenticate a user with a social provider, Database/AD/LDAP (Passive), SAML/Windows Azure AD (Passive), Authorization Code Flow, Authorization Code Grant (PKCE) Flow, or Implicit Flow outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: audience in: query type: string description: The unique identifier of the target API you want to access - name: scope in: query type: string description: The scopes which you want to request authorization for. These must be separated by a space. You can request any of the standard OpenID Connect (OIDC) scopes abo - name: response_type in: query type: string description: 'Indicates to Auth0 which OAuth 2.0 flow you want to perform. Use code for Authorization Code Grant Flow, token for Implicit Flow, or id_token token for both an ' required: true - name: client_id in: query type: string description: Your application's ID. required: true - name: redirect_uri in: query type: string description: The URL to which Auth0 will redirect the browser after authorization has been granted by the user. - name: state in: query type: string description: An opaque value the applications adds to the initial request that the authorization server includes when redirecting the back to the application. This value mus - name: nonce in: query type: string description: A string value which will be included in the ID Token response from Auth0, used to prevent token replay attacks. It is required for response_type=id_token token - name: code_challenge_method in: query type: string description: Method used to generate the challenge. The PKCE spec defines two methods, S256 and plain, however, Auth0 supports only S256 since the latter is discouraged. - name: code_challenge in: query type: string description: Generated challenge from the code_verifier. - name: connection in: query type: string description: The name of the connection configured to your application. - name: prompt in: query type: string description: To initiate a silent authentication request, use prompt=none. - name: organization in: query type: string description: 'ID of the organization to use when authenticating a user. When not provided, if your application is configured to Display Organization Prompt, the user will be ' - name: invitation in: query type: string description: Ticket ID of the organization invitation. When inviting a member to an Organization, your application should handle invitation acceptance by forwarding the invi exposes: - type: rest namespace: auth0-authorize-user-rest port: 8080 description: REST adapter for Auth0 API — Authorize User. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/authorize name: authorize description: REST surface for authorize. operations: - method: GET name: authorize description: Auth0 Authenticate a user with a social provider, Database/AD/LDAP (Passive), SAML/Windows Azure AD (Passive), Authorization Code Flow, Authorization Code Grant (PKCE) Flow, or Implicit Flow call: auth0-authorize-user.authorize with: audience: rest.audience scope: rest.scope response_type: rest.response_type client_id: rest.client_id redirect_uri: rest.redirect_uri state: rest.state nonce: rest.nonce code_challenge_method: rest.code_challenge_method code_challenge: rest.code_challenge connection: rest.connection prompt: rest.prompt organization: rest.organization invitation: rest.invitation outputParameters: - type: object mapping: $. - type: mcp namespace: auth0-authorize-user-mcp port: 9090 transport: http description: MCP adapter for Auth0 API — Authorize User. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: auth0-authenticate-user-social-provider description: Auth0 Authenticate a user with a social provider, Database/AD/LDAP (Passive), SAML/Windows Azure AD (Passive), Authorization Code Flow, Authorization Code Grant (PKCE) Flow, or Implicit Flow hints: readOnly: true destructive: false idempotent: true call: auth0-authorize-user.authorize with: audience: tools.audience scope: tools.scope response_type: tools.response_type client_id: tools.client_id redirect_uri: tools.redirect_uri state: tools.state nonce: tools.nonce code_challenge_method: tools.code_challenge_method code_challenge: tools.code_challenge connection: tools.connection prompt: tools.prompt organization: tools.organization invitation: tools.invitation outputParameters: - type: object mapping: $.