mcpAuthMetadataRouter advertises that, so clients can discover your authorization server on their own.
Example
The server publishes where to authorize, so a client hitting a 401 can find the authorization server on its own.
server.ts
Signature
Parameters
options
| Field | Purpose |
|---|---|
| oauthMetadata | Your authorization server’s RFC 8414 metadata. At minimum the issuer, authorization_endpoint, token_endpoint, and response_types_supported. |
| resourceServerUrl | This MCP server’s URL. Published in the protected-resource metadata so clients map this server to its authorization server. |
| scopesSupported | The scopes this server recognizes. |
| serviceDocumentationUrl | Link to human-readable docs for this server. |
| resourceName | Display name for this resource in the metadata. |
Check your OAuth provider’s docs for the metadata values it expects.
Returns
An Express Router to pass to server.use. It serves your OAuth 2.0 Protected Resource Metadata at /.well-known/oauth-protected-resource.
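A pre-flight check for the options in the table above, as an added example that is not this library's code: it verifies the minimum RFC 8414 fields and shows the kind of RFC 9728 document a client would fetch. The function names, the sample hosts, and the mapping from option names to RFC 9728 fields are assumptions made for illustration.

```javascript
// Added example, not library code. Field names follow RFC 8414 and RFC 9728.
const REQUIRED_AS_FIELDS = ["issuer", "authorization_endpoint", "token_endpoint", "response_types_supported"];

// Return a list of problems with the authorization server metadata (empty means ok).
function checkOAuthMetadata(meta) {
  const problems = [];
  for (const field of REQUIRED_AS_FIELDS) {
    const v = meta[field];
    if (v === undefined || v === "" || (Array.isArray(v) && v.length === 0)) {
      problems.push(`missing ${field}`);
    }
  }
  for (const field of ["issuer", "authorization_endpoint", "token_endpoint"]) {
    if (typeof meta[field] !== "string" || meta[field] === "") continue;
    let url;
    try { url = new URL(meta[field]); } catch { problems.push(`${field} is not a URL`); continue; }
    if (url.protocol !== "https:") problems.push(`${field} is not https`);
    // RFC 8414: the issuer has no query or fragment component.
    if (field === "issuer" && (url.search || url.hash)) problems.push("issuer has query or fragment");
  }
  return problems;
}

// Assumed mapping of the documented options onto RFC 9728 fields.
function buildProtectedResourceMetadata(options) {
  const problems = checkOAuthMetadata(options.oauthMetadata);
  if (problems.length > 0) throw new Error(`bad oauthMetadata: ${problems.join("; ")}`);
  const doc = {
    resource: new URL(options.resourceServerUrl).href,
    authorization_servers: [options.oauthMetadata.issuer],
  };
  if (options.scopesSupported) doc.scopes_supported = options.scopesSupported;
  if (options.resourceName) doc.resource_name = options.resourceName;
  if (options.serviceDocumentationUrl) doc.resource_documentation = options.serviceDocumentationUrl;
  return doc;
}

// Constructed sample options; the hosts are placeholders.
const SAMPLE_OPTIONS = {
  oauthMetadata: {
    issuer: "https://auth.example.com",
    authorization_endpoint: "https://auth.example.com/authorize",
    token_endpoint: "https://auth.example.com/token",
    response_types_supported: ["code"],
  },
  resourceServerUrl: "https://mcp.example.com/mcp",
  scopesSupported: ["mcp:read"],
  resourceName: "Example MCP server",
};
```

A client can run the same comparison in reverse: the `resource` value it fetches should match the URL it was calling before it trusts the listed authorization server.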