Authentication

The DigiUsher MCP Server uses OAuth 2.0 Authorization Code flow via OpenID Connect to authenticate users securely.

How It Works

1. When you first connect from an MCP client (Claude.ai, Claude Desktop, etc.), the client redirects you to DigiUsher's identity provider
2. You sign in with your DigiUsher credentials — the same ones you use at app.digiusher.com
3. After successful authentication, the MCP server receives an access token scoped to your account
4. All subsequent tool calls use this token to query data on your behalf

Your password is never seen or stored by the MCP server. Authentication is handled entirely by the identity provider.

What the Server Can Access

• Only your data: The server accesses only organizations and resources that your DigiUsher account has permission to view
• Read-only: All 25 tools are strictly read-only. No changes are ever made to your cloud infrastructure, DigiUsher configuration, or account settings
• Same permissions as the web app: The MCP server follows the same permission model as the DigiUsher web application

Scopes

The server requests the following OAuth scopes:

Token Lifecycle

• Access tokens are short-lived and expire automatically
• Your MCP client handles token refresh transparently — you should not need to re-authenticate during a session
• To revoke access, disconnect the MCP server from your client's settings

Supported Redirect URIs

For developers building custom MCP client integrations, the server accepts OAuth callbacks to these URIs:

Privacy & Security

• The MCP server does not store any user data. It proxies requests to the DigiUsher API and returns results directly
• All communication uses HTTPS/TLS encryption
• No conversation content or prompts are collected by the MCP server
• See our full Privacy Policy for details