For security purposes, the Auth0 Model Context Protocol server grants no scopes by default and required scopes must be requested during initialization. After your server is initialized, you can manually set scopes using a glob pattern, an example of which is below: 
# Select all read scopes
npx @auth0/auth0-mcp-server init --scopes 'read:*'

# Select multiple scope patterns (comma-separated)
npx @auth0/auth0-mcp-server init --scopes 'read:*,create:clients,update:actions'
Depending on the type of management operation or tool you wish to use, you may need to request additional scopes to successfully execute the MCP operation on your client. Below are the available scopes.
Management OperationMCP ToolRequired ScopePotential Implications
Get details about a specific Auth0 applicationauth0_get_applicationread:clientsAllows viewing potentially sensitive application configuration details
Get details about a specific Auth0 applicationauth0_get_applicationread:clientsAllows viewing potentially sensitive application configuration details
Create a new Auth0 applicationauth0_create_applicationcreate:clientsEnables creating new applications that could be used for authentication flows
Update an existing Auth0 applicationauth0_update_applicationupdate:clientsCan modify critical application settings, potentially disrupting authentication for users
List all resource servers (APIs) in the Auth0 tenantauth0_list_resource_serversread:resource_serversExposes all API configurations and their scopes
Get details about a specific Auth0 resource serverauth0_create_resource_servercreate:resource_serversReveals API configuration details including signing algorithms and token settings
Create a new Auth0 resource server (API)auth0_get_resource_serverread:resource_serversAllows defining new APIs and scopes that could be used for access control
Update an existing Auth0 resource server (API)auth0_update_resource_serverupdate:resource_serversCan modify API configurations, potentially affecting applications that rely on those APIs
List all actions in the Auth0 tenantauth0_list_actionsread:actionsReveals all custom code that runs during authentication flows
Get details about a specific Auth0 actionauth0_get_actionread:actionsExposes custom code and logic for authentication flows
Create a new Auth0 actionauth0_create_actioncreate:actionsAllows creation of custom code that can modify authentication flows and user data
Update an existing Auth0 actionauth0_update_actionupdate:actionsCan modify custom code that affects authentication security and behavior
Deploy an Auth0 actionauth0_deploy_actionupdate:actionsPushes custom code into production, potentially affecting all users’ authentication experience
List logs from the Auth0 tenantauth0_list_logsread:logsExposes detailed information about user activity, failed logins, and security events
Get a specific log entry by IDauth0_get_logread:logsProvides detailed data about specific authentication events, potentially including PII
List all forms in the Auth0 tenantauth0_list_formsread:formsReveals custom form configurations for login, registration, and password reset
Get details about a specific Auth0 formauth0_get_formread:formsExposes detailed form configuration including field validation and design
Create a new Auth0 formauth0_create_formcreate:formsAllows creation of custom authentication forms that collect user data
Update an existing Auth0 formauth0_update_formupdate:formsCan modify user-facing forms, potentially affecting authentication experience
Publish an Auth0 formauth0_publish_formupdate:formsMakes form changes live for all users, potentially affecting production authentication