Skip to main content
descopeProvider wires authentication through a Descope MCP Server, so your tools receive a signed-in Descope user.

Example

server.ts
import { McpServer, descopeProvider } from "skybridge/server";

const server = new McpServer(
  { name: "personal-shopper", version: "0.0.1" },
  { capabilities: {} },
  {
    oauth: await descopeProvider({
      url: process.env.DESCOPE_DISCOVERY_URL,
    }),
  },
);

Signature

descopeProvider(opts: DescopeProviderOptions): Promise<OAuthConfig>;

Parameters

opts

  • url is the MCP Server’s Discovery URL (its Issuer) from the console’s Connection Information, for example https://api.descope.com/v1/apps/agentic/<projectId>/<mcpServerId>, or your custom domain.
  • audience defaults to the Project ID parsed from the /agentic/<projectId>/<mcpServerId> segment of url (Descope binds the token’s aud to [DCR client id, project id]). If url lacks that segment, such as a custom domain, pass audience explicitly or the server throws at startup.
It also accepts the shared CustomProviderOptions options: baseUrl, serverUrl, scopes, requiredScopes, and metadataOverrides. Requires Dynamic Client Registration enabled on the MCP Server. With DCR disabled and the Alpic DCR proxy, use customProvider with serverUrl instead.

Returns

A Promise for the OAuthConfig you pass to the oauth constructor option.

Connect an Identity Provider

Set up sign-in with a hosted provider

Authenticate Users

Add sign-in to your app end to end

customProvider

Wire OAuth from any IdP’s discovery document