How I Added Enterprise Auth to My AI Agent — Claude Desktop + Descope Tutorial

Your AI agent can process payments — but who's allowed to use it? In this tutorial, I build a secure AI payment clerk with Claude Desktop, n8n, Stripe, and Descope's Agentic Identity Hub. Only the CFO role can access the payment MCP server. Everyone else gets blocked. Most MCP server tutorials skip security entirely. They show you how to connect tools — but not how to control who uses them. In this video, I solve the agent identity problem: API keys prove the tool is connected, not who's using it. There's no role check, no audit trail, no shared identity across your MCP stack. I walk through the full build: configuring Descope's drag-and-drop auth flow (Google OAuth, MFA, magic links — no code), setting up role-based permissions with JWT claims, deploying the auth proxy I built with Descope's MCP SDK on Railway, and wiring it all into Claude Desktop. Then I stress test it — an unauthorized user gets a 403 before n8n even knows they exist. The CFO authenticates through Descope, drops in a PDF invoice, and the payment goes through. You'll also see the auth header swap that keeps credentials isolated between systems, and the unified audit trail that logs every action across every MCP server you connect. This is production-grade AI agent security — not a toy demo. Links: - Try descope for free: https://descope.plug.dev/HxWzDvr - n8n: https://n8n.io - Claude desktop: https://claude.ai - Railway template: https://railway.com/deploy/mOFtYn - Descope n8n auth proxy git repo: https://github.com/derekcheungsa/descope-mcp-proxy Resources - Descope Agentic Identity Hub docs: https://docs.descope.com/agentic-identity-hub - Agentic Identity Hub blog: https://www.descope.com/blog/post/agentic-identity-hub - Descope AI microsite: https://www.descope.ai/ - Descope use cases: https://www.descope.com/use-cases/ai Timestamps: 00:00 Why AI Agents Need an Identity Layer 00:32 What We're Building — AI Payment Clerk Demo 01:00 Full Demo Walkthrough 01:35 The 3 Questions Every Agent Deployment Must Answer 01:48 Intro to Descope's Agentic Identity Hub 02:07 n8n Stripe Payment MCP Server Walkthrough 03:23 Building the Auth Proxy on Railway 04:27 Configuring Descope — Project ID & Access Key 04:58 Creating the MCP Server in Descope 05:51 Drag & Drop Flow Designer (No-Code Auth UI) 08:16 Creating Users, Roles & Permissions 10:05 Audit Trail Overview 10:18 Live Test — Authorized User ✅ 11:04 Live Test — Unauthorized User ❌ 11:30 Architecture Recap & Wrap-Up #DescopeAuth #MCPServer #AIAgentSecurity #ClaudeDesktop #n8nAutomation