OsirisOsiris

Authenticators

All available authentication methods in the Osiris ecosystem

Osiris provides multiple authentication methods to securely connect MCPs with external services and user wallets. All authentication is handled automatically through the Osiris Hub—no client credentials or OAuth setup required.

Zero Configuration Authentication

Developers do not need to acquire, configure, or manage any client IDs, secrets, or OAuth credentials. Osiris handles everything:

  • No OAuth setup—All provider integrations are pre-configured
  • No credential management—Tokens are handled by the Hub
  • No environment variables—No secrets in your codebase
  • Automatic token refresh—Built-in token lifecycle management
  • Scope validation—User permissions enforced automatically

How It Works

  1. MCP Declaration: Your MCP declares which services and scopes it needs
  2. User Authentication: Users authenticate through the Osiris Hub interface
  3. Automatic Access: Your MCP gets authenticated access through getAuthContext()
  4. Action Execution: All service calls are routed through the Hub action API

Authentication Context

All authenticators work through the unified authentication context:

import { getAuthContext } from '@osiris-ai/sdk';

// Get authentication context in any tool
const { token, context } = getAuthContext("osiris");

if (!token || !context) {
  return createErrorResponse("User not authenticated");
}

// Use Hub action API for service calls
const response = await fetch(`https://api.osirislabs.xyz/v1/hub/action/${context.deploymentId}/gmail`, {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${token.access_token}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    // Service-specific parameters
  })
});

OAuth Authenticators

OAuth authenticators provide secure integration with third-party services using industry-standard OAuth 2.0 flows handled by the Hub.

The following authenticators are currently available and ready to use in your MCPs.

Google Services

Connect to Google services including Gmail, Calendar, Drive, and Sheets.

import { createHubGmailClient } from '@osiris-ai/google-sdk';
import { getAuthContext } from '@osiris-ai/sdk';

// In your MCP tool
server.tool(
  'send_email',
  'Send an email through Gmail',
  {
    to: z.string().email(),
    subject: z.string(),
    body: z.string()
  },
  async ({ to, subject, body }) => {
    const { token, context } = getAuthContext("osiris");
    if (!token || !context) {
      return createErrorResponse("User not authenticated");
    }
    
    // Create authenticated Gmail client through Hub
    const gmail = await createHubGmailClient({
      hubBaseUrl: "https://api.osirislabs.xyz/v1",
      token: token,
      context: context
    });
    
    // Send email with authenticated client
    const result = await gmail.users.messages.send({
      userId: 'me',
      requestBody: { /* email data */ }
    });
    
    return createSuccessResponse("Email sent", { messageId: result.data.id });
  }
);

Available Scopes:

  • gmail:send - Send emails
  • gmail:read - Read emails and attachments
  • gmail:modify - Full Gmail access
  • calendar:read - Read calendar events
  • calendar:write - Create and modify calendar events
  • drive:read - Read Google Drive files
  • drive:write - Create and modify Drive files
  • sheets:read - Read Google Sheets
  • sheets:write - Create and modify Sheets

Use Cases:

  • Email automation and management
  • Calendar scheduling and event creation
  • Document and file management
  • Spreadsheet data analysis

GitHub Integration

Integrate with GitHub repositories, issues, and pull requests.

import { createHubGithubClient } from '@osiris-ai/github-sdk';
import { getAuthContext } from '@osiris-ai/sdk';

server.tool(
  'create_issue',
  'Create a GitHub issue',
  {
    owner: z.string(),
    repo: z.string(),
    title: z.string(),
    body: z.string()
  },
  async ({ owner, repo, title, body }) => {
    const { token, context } = getAuthContext("osiris");
    if (!token || !context) {
      return createErrorResponse("User not authenticated");
    }
    
    // Create authenticated GitHub client through Hub
    const github = await createHubGithubClient({
      hubBaseUrl: "https://api.osirislabs.xyz/v1",
      token: token,
      context: context
    });
    
    // Create issue with authenticated client
    const issue = await github.rest.issues.create({
      owner,
      repo,
      title,
      body
    });
    
    return createSuccessResponse("Issue created", { 
      issueUrl: issue.data.html_url,
      issueNumber: issue.data.number
    });
  }
);

Available Scopes:

  • github:repo - Full repository access
  • github:issues:write - Create and manage issues
  • github:pull_requests:write - Create and manage pull requests
  • github:user:email - Access user email addresses

Use Cases:

  • Repository management and automation
  • Issue tracking and project management
  • Code review and collaboration
  • CI/CD integration

Discord Integration

Connect to Discord servers and channels for community management.

Available Scopes:

  • discord:bot - Basic bot permissions
  • discord:messages:read - Read messages in channels
  • discord:messages:write - Send messages to channels
  • discord:guilds - Access server information

Use Cases:

  • Community management and moderation
  • Automated notifications and alerts
  • Bot interactions and commands
  • Server analytics and monitoring

Linear Integration

Integrate with Linear for project management and issue tracking.

Available Scopes:

  • linear:read - Read access to Linear data
  • linear:write - Create and update Linear issues
  • linear:admin - Administrative access

Use Cases:

  • Project management automation
  • Issue creation and tracking
  • Sprint planning and management
  • Team productivity analytics

Slack Integration

Connect to Slack workspaces for team communication and automation.

Available Scopes:

  • slack:channels:read - Read channel information
  • slack:chat:write - Send messages to channels
  • slack:users:read - Read user information
  • slack:files:write - Upload files to Slack

Use Cases:

  • Team communication automation
  • Workflow notifications and alerts
  • File sharing and collaboration
  • Meeting and event coordination

Notion Integration

Integrate with Notion workspaces for knowledge management.

Available Scopes:

  • notion:read - Read pages and databases
  • notion:write - Create and update content
  • notion:all - Full Notion workspace access

Use Cases:

  • Knowledge base management
  • Documentation automation
  • Project planning and tracking
  • Content creation and publishing

Coming Soon

The following authenticators are currently in development and will be available soon. Want to help prioritize which ones get built first? Let us know!

The following authenticators are currently in development and will be available soon:

Stripe Integration 🚧

Connect to Stripe for payment processing and financial automation.

import { getAuthContext } from '@osiris-ai/sdk';

server.tool(
  'create_payment_intent',
  'Create a payment intent for processing',
  {
    amount: z.number(),
    currency: z.string().default('usd'),
    customer_email: z.string().email()
  },
  async ({ amount, currency, customer_email }) => {
    const { token, context } = getAuthContext("osiris");
    if (!token || !context) {
      return createErrorResponse("User not authenticated");
    }
    
    const response = await fetch(`https://api.osirislabs.xyz/v1/hub/action/${context.deploymentId}/stripe`, {
      method: 'POST',
      headers: {
        'Authorization': `Bearer ${token.access_token}`,
        'Content-Type': 'application/json'
      },
      body: JSON.stringify({
        endpoint: '/v1/payment_intents',
        method: 'POST',
        data: {
          amount: amount * 100, // Convert to cents
          currency,
          metadata: { customer_email }
        }
      })
    });
    
    const paymentIntent = await response.json();
    return createSuccessResponse("Payment intent created", paymentIntent);
  }
);

Use Cases:

  • E-commerce payment processing
  • Subscription management
  • Financial reporting and analytics
  • Customer billing automation

AWS Services Integration 🚧

Integrate with Amazon Web Services for cloud automation and infrastructure management.

Use Cases:

  • File storage and content management
  • Serverless function execution
  • Infrastructure monitoring
  • Cloud resource automation

Shopify Integration 🚧

Connect to Shopify stores for e-commerce automation and management.

Use Cases:

  • Order processing automation
  • Inventory management
  • Customer service automation
  • Sales analytics and reporting

Figma Integration 🚧

Integrate with Figma for design collaboration and asset management.

Use Cases:

  • Design review automation
  • Asset extraction and management
  • Collaboration workflow automation
  • Design system maintenance

Jira Integration 🚧

Connect to Atlassian Jira for project management and issue tracking.

Use Cases:

  • Issue creation and management
  • Project tracking automation
  • Sprint planning assistance
  • Development workflow integration

Zoom Integration 🚧

Integrate with Zoom for video conferencing and meeting management.

Use Cases:

  • Meeting scheduling automation
  • Recording management
  • Attendance tracking
  • Integration with calendar systems

Microsoft Teams Integration 🚧

Connect to Microsoft Teams for enterprise communication and collaboration.

Use Cases:

  • Team communication automation
  • Meeting coordination
  • File sharing and collaboration
  • Workflow notifications

Airtable Integration 🚧

Integrate with Airtable for database management and workflow automation.

Use Cases:

  • Database automation
  • Content management systems
  • Project tracking
  • Data analysis and reporting

X (Twitter) Integration 🚧

Connect to X (formerly Twitter) for social media automation and content management.

Use Cases:

  • Content publishing automation
  • Social media monitoring
  • Community management
  • Analytics and engagement tracking

Google Maps Integration 🚧

Integrate with Google Maps for location services and geographic data.

Use Cases:

  • Location-based services
  • Route planning and optimization
  • Geographic data analysis
  • Local business information

Wallet Authenticators

Wallet authenticators provide secure access to blockchain wallets with automatic policy enforcement.

Wallet authentication is currently available and production-ready.

Turnkey Wallet Integration

Enterprise-grade wallet infrastructure with hardware-backed security and policy enforcement.

import { EVMWalletClient } from '@osiris-ai/web3-evm-sdk';
import { getAuthContext } from '@osiris-ai/sdk';

export class DeFiMCP {
  private walletToSession: Record<string, string> = {};

  configureServer(server: McpServer) {
    // Get user's wallet addresses
    server.tool(
      'get_wallet_addresses',
      'Get available wallet addresses',
      {},
      async () => {
        const { token, context } = getAuthContext("osiris");
        if (!token || !context) {
          return createErrorResponse("User not authenticated");
        }
        
        const walletClient = new EVMWalletClient(
          "https://api.osirislabs.xyz/v1",
          token.access_token,
          context.deploymentId
        );
        
        const walletRecords = await walletClient.getWalletRecords();
        const addresses = walletRecords.map(record => 
          record.accounts.addresses.map(addr => ({
            address: addr.address,
            chains: addr.chains
          }))
        ).flat();
        
        return createSuccessResponse("Wallet addresses retrieved", { addresses });
      }
    );

    // Choose wallet for session
    server.tool(
      'choose_wallet',
      'Select wallet address for this session',
      { address: z.string() },
      async ({ address }) => {
        const { token, context } = getAuthContext("osiris");
        if (!token || !context) {
          return createErrorResponse("User not authenticated");
        }
        
        // Store wallet selection for session
        this.walletToSession[context.sessionId] = address;
        
        return createSuccessResponse("Wallet selected", { address });
      }
    );

    // Execute blockchain transaction
    server.tool(
      'send_transaction',
      'Send blockchain transaction with policy validation',
      {
        to: z.string(),
        value: z.string(),
        data: z.string().optional()
      },
      async ({ to, value, data }) => {
        const { token, context } = getAuthContext("osiris");
        if (!token || !context) {
          return createErrorResponse("User not authenticated");
        }
        
        const selectedWallet = this.walletToSession[context.sessionId];
        if (!selectedWallet) {
          return createErrorResponse("No wallet selected. Call choose_wallet first.");
        }
        
        const walletClient = new EVMWalletClient(
          "https://api.osirislabs.xyz/v1",
          token.access_token,
          context.deploymentId
        );
        
        // Policy validation happens automatically in the Hub
        const account = await walletClient.getViemAccount(selectedWallet, "evm:eip155:1");
        const txHash = await walletClient.sendTransaction({
          to,
          value: BigInt(value),
          data: data as `0x${string}`
        });
        
        return createSuccessResponse("Transaction sent", { 
          hash: txHash,
          address: selectedWallet
        });
      }
    );
  }
}

Automatic Policy Enforcement

All wallet operations are automatically validated against user-defined policies:

  • ✅ Transaction amount limits
  • ✅ Allowed recipient addresses
  • ✅ Smart contract interaction rules
  • ✅ Time-based restrictions
  • ✅ Multi-signature requirements

Users set policies through the Osiris Hub, and all transactions are validated automatically.

Features:

  • Hardware-backed security with HSMs
  • Multi-signature wallet support
  • Automatic policy engine integration
  • Enterprise-grade compliance
  • Cross-chain support (Ethereum, Polygon, BSC, etc.)

Use Cases:

  • DeFi protocol interactions
  • Token transfers and swaps
  • Smart contract deployment
  • Institutional trading
  • Cross-chain operations

Secret Sharing Authenticators

Secret sharing authenticators provide secure access to databases and APIs without exposing credentials to MCP developers.

Database Access

Secure database access with encrypted credential storage handled by the Hub.

server.tool(
  'query_database',
  'Execute database query with user credentials',
  {
    query: z.string(),
    table: z.string()
  },
  async ({ query, table }) => {
    const { token, context } = getAuthContext("osiris");
    if (!token || !context) {
      return createErrorResponse("User not authenticated");
    }
    
    // Execute query through Hub action API
    const response = await fetch(`https://api.osirislabs.xyz/v1/hub/action/${context.deploymentId}/postgres`, {
      method: 'POST',
      headers: {
        'Authorization': `Bearer ${token.access_token}`,
        'Content-Type': 'application/json'
      },
      body: JSON.stringify({
        sql: `SELECT * FROM ${table} WHERE user_id = $1 AND ${query}`,
        params: [context.sessionId]
      })
    });
    
    const data = await response.json();
    return createSuccessResponse("Query executed", data);
  }
);

Features:

  • Encrypted credential storage
  • User-controlled access
  • Automatic connection management
  • Query parameter sanitization
  • Audit logging

Supported Databases:

  • PostgreSQL
  • MongoDB
  • Redis
  • SQLite

Use Cases:

  • User data storage and retrieval
  • Analytics and reporting
  • Configuration management
  • Audit logging

MCP Configuration

Configure your MCP to use Hub authentication:

import { createMcpServer } from '@osiris-ai/sdk';
import { PostgresDatabaseAdapter } from '@osiris-ai/postgres-sdk';

await createMcpServer({
  name: 'my-mcp',
  version: '1.0.0',
  auth: {
    useHub: true,
    hubConfig: {
      baseUrl: process.env.HUB_BASE_URL,
      clientId: process.env.OAUTH_CLIENT_ID,
      clientSecret: process.env.OAUTH_CLIENT_SECRET,
    },
    database: new PostgresDatabaseAdapter({
      connectionString: process.env.DATABASE_URL
    })
  },
  server: {
    port: 3001,
    mcpPath: '/mcp',
    callbackBasePath: '/callback',
    baseUrl: process.env.MCP_BASE_URL
  },
  configure: (server) => {
    // Register your tools here
    myMCP.configureServer(server);
  }
});

User Experience

Authentication Flow

  1. User connects MCP: Through Osiris Hub interface
  2. Service selection: User chooses which services to connect (Google, GitHub, etc.)
  3. Permission granting: User grants specific scopes through official OAuth flows
  4. Policy setup: User configures policies for wallet operations (optional)
  5. Ready to use: MCP can now access services on user's behalf

Action Transparency

  • Complete audit trail: Every action taken by MCPs is logged
  • User dashboard: Users can view all actions in real-time
  • Permission management: Users can revoke access at any time
  • Policy enforcement: Automatic validation against user-defined rules

Developer Benefits

  • Zero authentication code: No OAuth flows to implement
  • Automatic token management: Refresh, retry, and error handling
  • Built-in security: Industry-standard encryption and validation
  • User trust: Transparent actions build confidence
  • Faster development: Focus on features, not auth infrastructure

Ready to build? Check out our Authentication Context guide to start using these authenticators in your MCP tools.

Quickstart to build Web3 MCPs

A step-by-step guide to creating a new Authenticated MCP using the Osiris CLI.

Policy Engine

Advanced policy enforcement for blockchain transactions and wallet security