Function protectMcpServer

protectMcpServer(opts: ProtectMcpServerOptions): Promise<ProtectMcpServerResult>
Turn an Express app into a spec-compliant MCP OAuth 2.1 Resource Server in one call: serve Protected Resource Metadata (RFC 9728), and return a requireAuth middleware that validates bearer tokens with your verifier and emits a discovery-pointing WWW-Authenticate header on 401. You wire requireAuth onto your Streamable-HTTP MCP route.
Parameters
- opts: ProtectMcpServerOptions
Returns Promise<ProtectMcpServerResult>
Example
```
const { requireAuth } = await protectMcpServer({
  app, resourceServerUrl: 'https://mcp.example.com',
  issuer: 'https://auth.example.com',
  verifier: jwtVerifier({ issuer: 'https://auth.example.com', audience: 'https://mcp.example.com' }),
  scopesSupported: ['mcp:tools'],
});
app.post('/mcp', requireAuth, mcpHttpHandler);
```
- Defined in src/auth/protect.ts:58