Labsco
yilmazali325 logo

getmcpauth

from yilmazali325

Hosted OAuth 2.1 + Dynamic Client Registration (RFC 7591) for MCP servers

๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅโœ“ VerifiedFreeQuick setup

mcpauth

npm downloads

Drop-in OAuth 2.1 + Dynamic Client Registration (RFC 7591) for MCP servers, backed by mcpauth.

Wraps the official @modelcontextprotocol/sdk's requireBearerAuth middleware so unauthenticated or invalid requests get rejected with a spec-correct 401 before they ever reach your MCP server's handlers.

API

  • mcpAuth(options) โ€” Express middleware. Successful token verifications are cached in-process (default 30s) so a chatty agent conversation doesn't trigger a network round trip on every tool call.
  • createMcpAuthHandler(options) โ€” the Next.js/Fetch-API equivalent above, returning a (request: Request) => Promise<Response> handler. Same caching behavior as mcpAuth().
  • McpAuthTokenVerifier โ€” implements the official SDK's OAuthTokenVerifier interface directly, for lower-level use.
  • mintToken(options) โ€” for MCP servers embedded in a product that already has its own users: your backend, which already knows who its logged-in user is, mints a token server-to-server without routing that user through mcpauth's own login.
  • protectedResourceMetadata(options) / mcpAuthResourceMetadataHandler(options) โ€” RFC 9728 resource-metadata helpers.

Full docs: getmcpauth.dev/docs