AccessIQ - MCP Based Authorization Chatbot

AccessIQ is an authorization-aware AI chatbot that demonstrates how to safely combine natural-language interaction with structured authentication and fine-grained access control.
Built as a reference implementation around Auth0, LangGraph, PostgreSQL, and MCP, the project shows how users can log in, ask for data in plain language, and receive only the information they are authorized to access.
It showcases a production-style architecture where Auth0 handles identity, the backend validates trusted claims, LangGraph orchestrates request understanding, PostgreSQL stores protected resource data, and MCP acts as the centralized policy decision point for RBAC and ABAC enforcement.
Unlike a basic chatbot, AccessIQ ensures that natural-language requests never bypass security. Every protected action flows through a controlled authorization path before data is retrieved or returned.

What It Demonstrates

AccessIQ illustrates how to:

  • Authenticate users securely with Auth0 and trusted JWT claims
  • Enforce centralized authorization through MCP before any protected action
  • Combine RBAC and ABAC using user claims and resource metadata
  • Use LangGraph for orchestration without letting the LLM decide access
  • Apply metadata-first authorization checks before reading sensitive content
  • Return different results for the same query based on user role, department, and clearance level
  • Build a secure backend flow where only authorized data reaches the response layer

Designed for developers, platform teams, and AI builders, AccessIQ serves as a practical blueprint for building LLM-powered applications that respect strict access boundaries.

Key Capabilities

Auth0-Based Authentication

Uses Auth0 for login, JWT issuance, and trusted user identity with claims such as role, department, and clearance level.

Centralized Authorization via MCP

Routes every protected operation through MCP, which acts as the single policy decision point for allow, deny, and query-level filters.

RBAC + ABAC Enforcement

Combines role-based access with attribute checks such as department alignment, ownership, and sensitivity clearance.

LangGraph-Orchestrated Chat Workflow

Uses LangGraph to interpret user intent and coordinate system flow while keeping authorization fully outside the LLM.

Metadata-First Secure Retrieval

Performs minimal resource metadata lookups first, then fetches full protected content only after MCP approval.
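The following is an added illustration of the pattern described under "Centralized Authorization via MCP", "RBAC + ABAC Enforcement" and this "Metadata-First Secure Retrieval" section; it is not AccessIQ's own code. It sketches a policy decision point that combines role checks with clearance, department and ownership attributes read from resource metadata, returns an allow/deny decision plus a query-level filter, and lets the backend read full report content only after approval. The claim names, roles, sensitivity levels, sample users and in-memory report store are all constructed assumptions.

```python
"""Added illustration, not AccessIQ's own code: an MCP-style policy decision
point combining RBAC (what a role may do) with ABAC (clearance, department,
ownership from resource metadata), returning allow/deny plus a query-level
filter, with report content fetched only after approval. All claim shapes,
roles, sample users and reports are constructed."""
from __future__ import annotations

from dataclasses import dataclass

# Ordered sensitivity levels; a user may read at or below their clearance rank (assumed).
SENSITIVITY_RANK = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}
READ_ROLES = {"viewer", "analyst", "admin"}
WRITE_ROLES = {"analyst", "admin"}


@dataclass(frozen=True)
class UserClaims:
    """Trusted claims as the backend would read them from a validated JWT (assumed names)."""
    sub: str
    role: str
    department: str
    clearance: str


@dataclass(frozen=True)
class ResourceMeta:
    """Minimal metadata row looked up before any content is touched."""
    id: int
    owner: str
    department: str
    sensitivity: str


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str


def decide(user: UserClaims, meta: ResourceMeta, action: str) -> Decision:
    """Policy decision evaluated on metadata only; the LLM never calls this directly."""
    # RBAC: the role must permit the action at all; unknown actions are denied.
    allowed_roles = {"read": READ_ROLES, "write": WRITE_ROLES}.get(action)
    if allowed_roles is None or user.role not in allowed_roles:
        return Decision(False, f"role {user.role!r} may not {action!r}")
    # ABAC: clearance applies to everyone, admins included.
    if SENSITIVITY_RANK[meta.sensitivity] > SENSITIVITY_RANK[user.clearance]:
        return Decision(False, "insufficient clearance")
    # ABAC: department alignment, unless admin, owner, or the resource is public.
    aligned = (user.role == "admin" or meta.owner == user.sub
               or meta.department == user.department or meta.sensitivity == "public")
    if not aligned:
        return Decision(False, "department mismatch")
    # ABAC: writes additionally require ownership unless admin.
    if action == "write" and user.role != "admin" and meta.owner != user.sub:
        return Decision(False, "not the owner")
    return Decision(True, "allowed")


def query_filter(user: UserClaims) -> tuple[str, list]:
    """Query-level filter for list queries: a SQL WHERE fragment with bound
    parameters (psycopg-style %s placeholders), never string-interpolated values."""
    allowed = [s for s, r in SENSITIVITY_RANK.items() if r <= SENSITIVITY_RANK[user.clearance]]
    if user.role == "admin":
        return "sensitivity = ANY(%s)", [allowed]
    return ("sensitivity = ANY(%s) AND (sensitivity = 'public' OR department = %s OR owner = %s)",
            [allowed, user.department, user.sub])


# Constructed in-memory stand-in for the PostgreSQL resource store.
METADATA = {
    1: ResourceMeta(1, "alice", "finance", "confidential"),
    2: ResourceMeta(2, "dave", "finance", "restricted"),
    3: ResourceMeta(3, "bob", "hr", "internal"),
    4: ResourceMeta(4, "erin", "hr", "public"),
}
CONTENT = {1: "Q3 forecast", 2: "M&A target list", 3: "Onboarding plan", 4: "Holiday calendar"}


def visible_report_ids(user: UserClaims) -> list[int]:
    """Apply in memory the same predicate that query_filter() renders as SQL."""
    return sorted(m.id for m in METADATA.values() if decide(user, m, "read").allow)


def fetch_report(user: UserClaims, report_id: int) -> str | None:
    """Metadata-first retrieval: look up metadata, decide, only then read content.
    Missing and denied both yield None so the response layer cannot leak existence."""
    meta = METADATA.get(report_id)
    if meta is None or not decide(user, meta, "read").allow:
        return None
    return CONTENT[report_id]


if __name__ == "__main__":
    alice = UserClaims("alice", "analyst", "finance", "confidential")
    print(fetch_report(alice, 1), fetch_report(alice, 2), visible_report_ids(alice))
```

The same question ("show me the reports") yields different results per user because the filter is derived from trusted claims, and the content table is never consulted until the metadata-only decision has allowed it.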

PostgreSQL Resource Store

Stores protected reports and resource attributes needed for policy evaluation, including owner, department, and sensitivity.

Dockerized Multi-Service Blueprint

Designed to run as a local multi-container setup with frontend, backend, PostgreSQL, and optional MCP service through Docker Compose.

Get Started

Explore the source code, architecture, and setup instructions on GitHub.

Disclaimer

AccessIQ is provided for demonstration and informational purposes only. It is intended to showcase secure AI application architecture patterns, including authentication, authorization, orchestration, and protected data access. It should not be treated as legal, compliance, or production security advice without further review and hardening.
