workosProvider wires authentication through WorkOS AuthKit, so your tools receive a signed-in WorkOS user.

Example

server.ts
import { McpServer, workosProvider } from "skybridge/server";

const server = new McpServer(
  { name: "personal-shopper", version: "0.0.1" },
  { capabilities: {} },
  {
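    oauth: await workosProvider({
      // AuthKit domain, for example acme.authkit.app
      domain: process.env.AUTHKIT_DOMAIN,
      // Resource Indicator from the WorkOS dashboard; AuthKit binds it into the token's aud claim
      audience: process.env.SERVER_URL,
    }),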
  },
);

Signature

workosProvider(opts: WorkosProviderOptions): Promise<OAuthConfig>;

Parameters

opts

  • domain is the AuthKit domain, for example acme.authkit.app.
  • audience is the Resource Indicator configured in the WorkOS dashboard, typically this server’s public URL. AuthKit binds it into the token’s aud claim.
opts also accepts the shared CustomProviderOptions options: baseUrl, serverUrl, scopes, requiredScopes, and metadataOverrides.

Dynamic Client Registration must be enabled in the WorkOS dashboard (Connect → Configuration).
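
To show what the audience and requiredScopes options protect, here is an added example (not skybridge or WorkOS code) of the claim checks a resource server applies to an access token whose signature has already been verified. The names checkClaims, AccessTokenClaims and ClaimPolicy, and the space-delimited scope claim, are assumptions made for illustration.

```typescript
// Added example: claim checks applied AFTER signature verification.
// All names here are hypothetical; this is not skybridge's implementation.

interface AccessTokenClaims {
  aud?: string | string[]; // RFC 7519 allows a single value or an array
  exp?: number;            // expiry, in seconds since the epoch
  scope?: string;          // assumption: space-delimited list of scopes
}

interface ClaimPolicy {
  audience: string;          // same value you pass as workosProvider({ audience })
  requiredScopes?: string[]; // scopes every accepted token must carry
}

interface ClaimResult {
  ok: boolean;
  reason: string; // "ok" on success, otherwise the first failed check
}

function checkClaims(
  claims: AccessTokenClaims,
  policy: ClaimPolicy,
  nowSeconds: number,
): ClaimResult {
  // Normalise aud to a list. A token with no aud fails; it never passes by default.
  const audiences: string[] =
    claims.aud === undefined ? [] : Array.isArray(claims.aud) ? claims.aud : [claims.aud];

  // Exact comparison only. Prefix matching would accept a token issued for a
  // different resource whose URL merely starts with ours, and a trailing
  // slash difference is a mismatch too.
  if (audiences.indexOf(policy.audience) === -1) {
    return { ok: false, reason: "audience_mismatch" };
  }

  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) {
    return { ok: false, reason: "expired" };
  }

  const granted = (claims.scope ?? "").split(" ").filter((s) => s.length > 0);
  const missing = (policy.requiredScopes ?? []).filter((s) => granted.indexOf(s) === -1);
  if (missing.length > 0) {
    return { ok: false, reason: "missing_scope:" + missing.join(",") };
  }
  return { ok: true, reason: "ok" };
}
```

Because the comparison is exact, the audience value configured on the server has to match the Resource Indicator in the WorkOS dashboard character for character.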

Returns

A Promise for the OAuthConfig you pass to the oauth constructor option.
