Labsco
vibelogin logo

VibeLogin MCP

from vibelogin

Add authentication to your app - no code, no config, never leave your IDE

๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅโœ“ VerifiedFreeQuick setup

@vibelogin/mcp

Add authentication to your app without leaving your IDE. MCP server for Cursor, Claude Code, Windsurf, and Cline.

Just say "add authentication to my app" โ€” the agent creates your project, configures auth methods, wires up Google OAuth, and scaffolds a working sign-in flow into your codebase. All from your editor's chat.


Authentication

On first use, a browser window opens for one-click consent. After that, you're authenticated for 30 days โ€” no further prompts.


Tools

The agent picks the right tools automatically based on your conversation. Just say what you need.

create_project

Creates a new VibeLogin project in your org. Returns the project's id, slug, oauthSlug, environment, publishable key, and secret key (shown once).

ParamTypeRequiredDescription
namestringyesHuman-readable project name.
slugstringnoURL-safe slug; auto-generated from name if omitted.
environmentenumnoproduction | development | staging (default production).

list_projects

Lists every project in your org. Use this when the agent needs to discover what already exists before creating something new.

No parameters.

get_project

Look up a single project by id, slug, or oauthSlug.

ParamTypeRequiredDescription
idOrSlugstringyesProject id, slug, or oauthSlug.

configure_auth

Toggle auth methods, set redirect URLs, and/or wire up Google OAuth. Field-level updates โ€” anything you don't set is left untouched.

ParamTypeRequiredDescription
projectIdstringyesThe project's id.
methods.emailPasswordbooleannoEnable email + password sign-in.
methods.magicLinkbooleannoEnable magic link emails.
methods.emailOtpbooleannoEnable 6-digit email OTP codes.
methods.passwordResetbooleannoEnable password reset emails.
methods.emailVerificationbooleannoRequire email verification on signup.
google.clientIdstringwith googleGoogle OAuth client ID (from Google Cloud Console).
google.clientSecretstringwith googleGoogle OAuth client secret.
google.enabledbooleannoDefault true.
redirectUrlsstring[]noOverwrites the project's allowed redirect URL list.

If you call this without google, the response includes the exact Google Cloud Console URL + redirect URI you need to set up the credentials.

add_auth_to_project

Scaffold a working sign-in flow into your codebase. Detects the framework from package.json and writes non-destructive files (existing files are skipped, never clobbered).

Supported frameworks today: Next.js (App Router), Vite + React. Refused with guidance: Remix, Astro, Express, unknown.

ParamTypeRequiredDescription
projectDirstringyesAbsolute path to the project root.
slugstringyesThe project's oauthSlug (from create_project).
publishableKeystringyesThe project's publishable key.
appUrlstringyesYour app's origin (e.g. https://myapp.com).

Files written for Next.js

middleware.ts                       # hostedAuthMiddleware
app/auth/callback/route.ts          # createCallbackHandler
app/login/page.tsx                  # <VibeLogin />
.env.local.example                  # publishable key + secret placeholder

Next steps printed by the tool:

  1. pnpm add @vibelogin/nextjs
  2. Copy .env.local.example โ†’ .env.local, fill VIBELOGIN_SECRET_KEY
  3. pnpm dev โ†’ open /login

Files written for Vite + React

src/auth/VibeLoginProvider.tsx      # context + useVibeLogin() hook
src/auth/Login.tsx                  # /login redirect to hosted UI
src/auth/Callback.tsx               # /auth/callback handler
.env.example                        # VITE_-prefixed publishable key

Next steps printed by the tool:

  1. pnpm add @vibelogin/react react-router-dom
  2. Wrap <App/> in <VibeLoginProvider/>
  3. Add routes /login and /auth/callback
  4. Copy .env.example โ†’ .env.local
  5. pnpm dev โ†’ open /login

Example conversations

You: "Add VibeLogin to this Next.js app. Email + password and Google sign-in."

Agent: (calls create_project { name: "myapp", environment: "production" }) Created myapp (pk_live_โ€ฆ). (calls configure_auth { projectId, methods: { emailPassword: true } }) Email + password enabled. To turn on Google, I need a Client ID and Secret from Google Cloud Console โ€” here's the redirect URI to authorize: https://api.vibelogin.com/oauth/myapp-xyz/google/callback. (after you paste creds:) (calls configure_auth { google: { clientId, clientSecret } }) (calls add_auth_to_project { projectDir: ".", slug: "myapp-xyz", publishableKey: "pk_live_โ€ฆ", appUrl: "https://myapp.com" }) Scaffold complete (next). Wrote middleware.ts, app/auth/callback/route.ts, app/login/page.tsx, .env.local.example. Run pnpm add @vibelogin/nextjs && pnpm dev and open /login.

You: "What projects do I have already?"

Agent: (calls list_projects) You have 3: myapp (production), myapp-staging (staging), internal-tools (development).


Security

  • No secrets in the agent โ€” authentication uses loopback OAuth + PKCE (RFC 8252)
  • Single-use authorization codes with 2-minute TTL
  • Rotated refresh tokens โ€” every refresh invalidates the previous one
  • Credentials stored securely โ€” chmod 600 on ~/.vibelogin/credentials.json

Supported frameworks

FrameworkStatus
Next.js (App Router)Fully supported
Vite + ReactFully supported
Remix, Astro, ExpressComing soon