@koduhai/mcp-kit
    Preparing search index...

    Interface ProtectMcpServerOptions

    interface ProtectMcpServerOptions {
        app: Express;
        fetch?: (
            input: string | URL | Request,
            init?: RequestInit,
        ) => Promise<Response>;
        issuer?: string;
        oauthMetadata?: {
            authorization_endpoint: string;
            client_id_metadata_document_supported?: boolean;
            code_challenge_methods_supported?: string[];
            grant_types_supported?: string[];
            introspection_endpoint?: string;
            introspection_endpoint_auth_methods_supported?: string[];
            introspection_endpoint_auth_signing_alg_values_supported?: string[];
            issuer: string;
            registration_endpoint?: string;
            response_modes_supported?: string[];
            response_types_supported: string[];
            revocation_endpoint?: string;
            revocation_endpoint_auth_methods_supported?: string[];
            revocation_endpoint_auth_signing_alg_values_supported?: string[];
            scopes_supported?: string[];
            service_documentation?: string;
            token_endpoint: string;
            token_endpoint_auth_methods_supported?: string[];
            token_endpoint_auth_signing_alg_values_supported?: string[];
            [key: string]: unknown;
        };
        requiredScopes?: string[];
        resourceName?: string;
        resourceServerUrl: string
        | URL;
        scopesSupported?: string[];
        serviceDocumentationUrl?: string | URL;
        verifier: OAuthTokenVerifier;
    }
    Index

    Properties

    app fetch? issuer? oauthMetadata? requiredScopes? resourceName? resourceServerUrl scopesSupported? serviceDocumentationUrl? verifier

    Properties

    app: Express

    Your Express app. The RFC 9728 metadata endpoints are mounted on it.

    fetch?: (input: string | URL | Request, init?: RequestInit) => Promise<Response>

    Injectable fetch for issuer discovery.

    issuer?: string

    Issuer URL to discover AS metadata from when oauthMetadata is not given.

    oauthMetadata?: {
        authorization_endpoint: string;
        client_id_metadata_document_supported?: boolean;
        code_challenge_methods_supported?: string[];
        grant_types_supported?: string[];
        introspection_endpoint?: string;
        introspection_endpoint_auth_methods_supported?: string[];
        introspection_endpoint_auth_signing_alg_values_supported?: string[];
        issuer: string;
        registration_endpoint?: string;
        response_modes_supported?: string[];
        response_types_supported: string[];
        revocation_endpoint?: string;
        revocation_endpoint_auth_methods_supported?: string[];
        revocation_endpoint_auth_signing_alg_values_supported?: string[];
        scopes_supported?: string[];
        service_documentation?: string;
        token_endpoint: string;
        token_endpoint_auth_methods_supported?: string[];
        token_endpoint_auth_signing_alg_values_supported?: string[];
        [key: string]: unknown;
    }

    The Authorization Server metadata. Provide this OR issuer to discover it.

    requiredScopes?: string[]

    Scopes a token must carry to be allowed through (enforced on each request).

    resourceName?: string

    Human-readable resource name for the metadata document.

    resourceServerUrl: string | URL

    The public URL of this MCP server (its OAuth resource identifier).

    scopesSupported?: string[]

    Scopes advertised in Protected Resource Metadata.

    serviceDocumentationUrl?: string | URL

    Docs URL advertised in the metadata document.

    verifier: OAuthTokenVerifier

    A token verifier — e.g. jwtVerifier or introspectionVerifier.

    Settings

    Member Visibility

    On This Page

    Properties