@koduhai/mcp-kit
    Preparing search index...

    Function discoverOAuthMetadata

    @koduhai/mcp-kit/auth — make a remote (Streamable HTTP) MCP server a spec-compliant OAuth 2.1 Resource Server. Supplies the token verifiers the MCP SDK needs but does not ship (JWKS + introspection) and a one-call protectMcpServer assembly.

    Peers: @modelcontextprotocol/sdk, express, jose.

    • Discover an Authorization Server's metadata (RFC 8414) from its issuer URL. Tries the OAuth well-known path first, then OIDC discovery. The result feeds protectMcpServer (and supplies jwks_uri for jwtVerifier).

      Parameters

      Returns Promise<
          {
              authorization_endpoint: string;
              client_id_metadata_document_supported?: boolean;
              code_challenge_methods_supported?: string[];
              grant_types_supported?: string[];
              introspection_endpoint?: string;
              introspection_endpoint_auth_methods_supported?: string[];
              introspection_endpoint_auth_signing_alg_values_supported?: string[];
              issuer: string;
              registration_endpoint?: string;
              response_modes_supported?: string[];
              response_types_supported: string[];
              revocation_endpoint?: string;
              revocation_endpoint_auth_methods_supported?: string[];
              revocation_endpoint_auth_signing_alg_values_supported?: string[];
              scopes_supported?: string[];
              service_documentation?: string;
              token_endpoint: string;
              token_endpoint_auth_methods_supported?: string[];
              token_endpoint_auth_signing_alg_values_supported?: string[];
              [key: string]: unknown;
          },
      >

      when neither well-known document can be fetched.

    Settings

    Member Visibility