Skip to main content
Defined in: client/auth.ts:138

Implements

  • OAuthClientProvider

Constructors

Constructor

new OAuth(options?): OAuth;
Defined in: client/auth.ts:155

Parameters

options?
OAuthOptions = {}

Returns

OAuth

Accessors

callbackServerPort

Get Signature

get callbackServerPort(): number | null;
Defined in: client/auth.ts:280 Returns the actual port the callback server bound to. Only populated after redirectToAuthorization() has been called.
Returns
number | null

clientMetadata

Get Signature

get clientMetadata(): {
};
Defined in: client/auth.ts:182 Metadata about this OAuth client.
Returns
{
}

Implementation of

OAuthClientProvider.clientMetadata

redirectUrl

Get Signature

get redirectUrl(): string | URL;
Defined in: client/auth.ts:177 The URL to redirect the user agent to after authorization. Return undefined for non-interactive flows that don’t require user interaction (e.g., client_credentials, jwt-bearer).
Returns
string | URL

Implementation of

OAuthClientProvider.redirectUrl

Methods

_bind()

_bind(serverUrl): void;
Defined in: client/auth.ts:171 Binds the MCP server URL so that all storage keys are namespaced by it. Called by Client before connecting.

Parameters

serverUrl
string

Returns

void

clientInformation()

clientInformation(): Promise<OAuthClientInformationMixed | undefined>;
Defined in: client/auth.ts:194 Loads information about this OAuth client, as registered already with the server, or returns undefined if the client is not registered with the server.

Returns

Promise<OAuthClientInformationMixed | undefined>

Implementation of

OAuthClientProvider.clientInformation

codeVerifier()

codeVerifier(): string;
Defined in: client/auth.ts:240 Loads the PKCE code verifier for the current session, necessary to validate the authorization result.

Returns

string

Implementation of

OAuthClientProvider.codeVerifier

discoveryState()

discoveryState(): Promise<OAuthDiscoveryState | undefined>;
Defined in: client/auth.ts:268 Returns previously saved discovery state, or undefined if none is cached. When available, auth restores the discovery state (authorization server URL, resource metadata, etc.) instead of performing RFC 9728 discovery, reducing latency on subsequent calls. Providers should clear cached discovery state on repeated authentication failures (via invalidateCredentials with scope 'discovery' or 'all') to allow re-discovery in case the authorization server has changed.

Returns

Promise<OAuthDiscoveryState | undefined>

Implementation of

OAuthClientProvider.discoveryState

invalidateCredentials()

invalidateCredentials(scope): Promise<void>;
Defined in: client/auth.ts:247 If implemented, provides a way for the client to invalidate (e.g. delete) the specified credentials, in the case where the server has indicated that they are no longer valid. This avoids requiring the user to intervene manually.

Parameters

scope
"all" | "client" | "tokens" | "verifier" | "discovery"

Returns

Promise<void>

Implementation of

OAuthClientProvider.invalidateCredentials

redirectToAuthorization()

redirectToAuthorization(authorizationUrl): Promise<void>;
Defined in: client/auth.ts:221 Invoked to redirect the user agent to the given URL to begin the authorization flow.

Parameters

authorizationUrl
URL

Returns

Promise<void>

Implementation of

OAuthClientProvider.redirectToAuthorization

saveClientInformation()

saveClientInformation(info): Promise<void>;
Defined in: client/auth.ts:206 If implemented, this permits the OAuth client to dynamically register with the server. Client information saved this way should later be read via clientInformation(). This method is not required to be implemented if client information is statically known (e.g., pre-registered).

Parameters

info
OAuthClientInformationMixed

Returns

Promise<void>

Implementation of

OAuthClientProvider.saveClientInformation

saveCodeVerifier()

saveCodeVerifier(codeVerifier): void;
Defined in: client/auth.ts:236 Saves a PKCE code verifier for the current session, before redirecting to the authorization flow.

Parameters

codeVerifier
string

Returns

void

Implementation of

OAuthClientProvider.saveCodeVerifier

saveDiscoveryState()

saveDiscoveryState(state): Promise<void>;
Defined in: client/auth.ts:264 Saves the OAuth discovery state after RFC 9728 and authorization server metadata discovery. Providers can persist this state to avoid redundant discovery requests on subsequent auth calls. This state can also be provided out-of-band (e.g., from a previous session or external configuration) to bootstrap the OAuth flow without discovery. Called by auth after successful discovery.

Parameters

state
OAuthDiscoveryState

Returns

Promise<void>

Implementation of

OAuthClientProvider.saveDiscoveryState

saveTokens()

saveTokens(tokens): Promise<void>;
Defined in: client/auth.ts:217 Stores new OAuth tokens for the current session, after a successful authorization.

Parameters

tokens

Returns

Promise<void>

Implementation of

OAuthClientProvider.saveTokens

tokens()

tokens(): Promise<
  | {
}
  | undefined>;
Defined in: client/auth.ts:211 Loads any existing OAuth tokens for the current session, or returns undefined if there are no saved tokens.

Returns

Promise< | { } | undefined>

Implementation of

OAuthClientProvider.tokens

waitForCallback()

waitForCallback(timeoutMs?): Promise<string>;
Defined in: client/auth.ts:290 Waits for the OAuth authorization code to arrive via the callback server, then stops the server and resolves with the code. Must be called after the UnauthorizedError thrown by connect() is caught.

Parameters

timeoutMs?
number = ...

Returns

Promise<string>