auth/clients
Interfaces
OAuthRegisteredClientsStore
Defined in: packages/server-legacy/src/auth/clients.ts:6
Stores information about registered OAuth clients for this server.
Methods
getClient()
getClient(clientId): { application_type?: string; client_id: string; client_id_issued_at?: number; client_name?: string; client_secret?: string; client_secret_expires_at?: number; client_uri?: string; contacts?: string[]; grant_types?: string[]; jwks?: any; jwks_uri?: string; logo_uri?: string; policy_uri?: string; redirect_uris: string[]; response_types?: string[]; scope?: string; software_id?: string; software_statement?: string; software_version?: string; token_endpoint_auth_method?: string; tos_uri?: string; } | Promise<{ application_type?: string; client_id: string; client_id_issued_at?: number; client_name?: string; client_secret?: string; client_secret_expires_at?: number; client_uri?: string; contacts?: string[]; grant_types?: string[]; jwks?: any; jwks_uri?: string; logo_uri?: string; policy_uri?: string; redirect_uris: string[]; response_types?: string[]; scope?: string; software_id?: string; software_statement?: string; software_version?: string; token_endpoint_auth_method?: string; tos_uri?: string; } | undefined> | undefined
Defined in: packages/server-legacy/src/auth/clients.ts:10
Returns information about a registered client, based on its ID.
Parameters
clientId
string
Returns
Type Literal
{ application_type?: string; client_id: string; client_id_issued_at?: number; client_name?: string; client_secret?: string; client_secret_expires_at?: number; client_uri?: string; contacts?: string[]; grant_types?: string[]; jwks?: any; jwks_uri?: string; logo_uri?: string; policy_uri?: string; redirect_uris: string[]; response_types?: string[]; scope?: string; software_id?: string; software_statement?: string; software_version?: string; token_endpoint_auth_method?: string; tos_uri?: string; }
application_type?
optional application_type?: string
OIDC Dynamic Client Registration application_type. MCP clients MUST set this to 'native' or 'web' when registering (SEP-837); the SDK defaults it from redirect_uris when omitted. Typed as string (not an enum) so that parsing an authorization server's registration response — which under RFC 7591 may echo extension values — never rejects the document on this field alone.
client_id
client_id: string
client_id_issued_at?
optional client_id_issued_at?: number
client_name?
optional client_name?: string
client_secret?
optional client_secret?: string
client_secret_expires_at?
optional client_secret_expires_at?: number
client_uri?
optional client_uri?: string
contacts?
optional contacts?: string[]
grant_types?
optional grant_types?: string[]
jwks?
optional jwks?: any
jwks_uri?
optional jwks_uri?: string
logo_uri?
optional logo_uri?: string = OptionalSafeUrlSchema
policy_uri?
optional policy_uri?: string
redirect_uris
redirect_uris: string[]
response_types?
optional response_types?: string[]
scope?
optional scope?: string
software_id?
optional software_id?: string
software_statement?
optional software_statement?: string
software_version?
optional software_version?: string
token_endpoint_auth_method?
optional token_endpoint_auth_method?: string
tos_uri?
optional tos_uri?: string = OptionalSafeUrlSchema
Promise<{ application_type?: string; client_id: string; client_id_issued_at?: number; client_name?: string; client_secret?: string; client_secret_expires_at?: number; client_uri?: string; contacts?: string[]; grant_types?: string[]; jwks?: any; jwks_uri?: string; logo_uri?: string; policy_uri?: string; redirect_uris: string[]; response_types?: string[]; scope?: string; software_id?: string; software_statement?: string; software_version?: string; token_endpoint_auth_method?: string; tos_uri?: string; } | undefined>
undefined
registerClient()?
optional registerClient(client): { application_type?: string; client_id: string; client_id_issued_at?: number; client_name?: string; client_secret?: string; client_secret_expires_at?: number; client_uri?: string; contacts?: string[]; grant_types?: string[]; jwks?: any; jwks_uri?: string; logo_uri?: string; policy_uri?: string; redirect_uris: string[]; response_types?: string[]; scope?: string; software_id?: string; software_statement?: string; software_version?: string; token_endpoint_auth_method?: string; tos_uri?: string; } | Promise<{ application_type?: string; client_id: string; client_id_issued_at?: number; client_name?: string; client_secret?: string; client_secret_expires_at?: number; client_uri?: string; contacts?: string[]; grant_types?: string[]; jwks?: any; jwks_uri?: string; logo_uri?: string; policy_uri?: string; redirect_uris: string[]; response_types?: string[]; scope?: string; software_id?: string; software_statement?: string; software_version?: string; token_endpoint_auth_method?: string; tos_uri?: string; }>
Defined in: packages/server-legacy/src/auth/clients.ts:19
Registers a new client with the server. The client ID and secret will be automatically generated by the library. A modified version of the client information can be returned to reflect specific values enforced by the server.
NOTE: Implementations should NOT delete expired client secrets in-place. Auth middleware provided by this library will automatically check the client_secret_expires_at field and reject requests with expired secrets. Any custom logic for authenticating clients should check the client_secret_expires_at field as well.
If unimplemented, dynamic client registration is unsupported.
Parameters
client
Omit<OAuthClientInformationFull, "client_id" | "client_id_issued_at">
Returns
Type Literal
{ application_type?: string; client_id: string; client_id_issued_at?: number; client_name?: string; client_secret?: string; client_secret_expires_at?: number; client_uri?: string; contacts?: string[]; grant_types?: string[]; jwks?: any; jwks_uri?: string; logo_uri?: string; policy_uri?: string; redirect_uris: string[]; response_types?: string[]; scope?: string; software_id?: string; software_statement?: string; software_version?: string; token_endpoint_auth_method?: string; tos_uri?: string; }
application_type?
optional application_type?: string
OIDC Dynamic Client Registration application_type. MCP clients MUST set this to 'native' or 'web' when registering (SEP-837); the SDK defaults it from redirect_uris when omitted. Typed as string (not an enum) so that parsing an authorization server's registration response — which under RFC 7591 may echo extension values — never rejects the document on this field alone.
client_id
client_id: string
client_id_issued_at?
optional client_id_issued_at?: number
client_name?
optional client_name?: string
client_secret?
optional client_secret?: string
client_secret_expires_at?
optional client_secret_expires_at?: number
client_uri?
optional client_uri?: string
contacts?
optional contacts?: string[]
grant_types?
optional grant_types?: string[]
jwks?
optional jwks?: any
jwks_uri?
optional jwks_uri?: string
logo_uri?
optional logo_uri?: string = OptionalSafeUrlSchema
policy_uri?
optional policy_uri?: string
redirect_uris
redirect_uris: string[]
response_types?
optional response_types?: string[]
scope?
optional scope?: string
software_id?
optional software_id?: string
software_statement?
optional software_statement?: string
software_version?
optional software_version?: string
token_endpoint_auth_method?
optional token_endpoint_auth_method?: string
tos_uri?
optional tos_uri?: string = OptionalSafeUrlSchema
Promise<{ application_type?: string; client_id: string; client_id_issued_at?: number; client_name?: string; client_secret?: string; client_secret_expires_at?: number; client_uri?: string; contacts?: string[]; grant_types?: string[]; jwks?: any; jwks_uri?: string; logo_uri?: string; policy_uri?: string; redirect_uris: string[]; response_types?: string[]; scope?: string; software_id?: string; software_statement?: string; software_version?: string; token_endpoint_auth_method?: string; tos_uri?: string; }>
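The NOTE under registerClient() says expired secrets stay in the store and that custom client authentication must check client_secret_expires_at itself. The following is an added example, not code from the SDK, showing a store and such a check. ClientInfo, InMemoryClientsStore, AuthResult and authenticateClient are hypothetical names; the record is a subset of the fields listed above, and treating 0 as "never expires" follows RFC 7591.

```typescript
import { createHash, randomUUID, timingSafeEqual } from 'node:crypto';

// Local stand-in for the client record documented above (subset of fields).
interface ClientInfo {
  client_id: string;
  client_id_issued_at?: number;
  client_secret?: string;
  client_secret_expires_at?: number; // epoch seconds; 0 means "never expires" (RFC 7591)
  redirect_uris: string[];
}

// Hypothetical in-memory store exposing the same two methods as the interface.
class InMemoryClientsStore {
  private clients = new Map<string, ClientInfo>();

  getClient(clientId: string): ClientInfo | undefined {
    // Expired records are returned unchanged; expiry is decided at authentication time.
    return this.clients.get(clientId);
  }

  registerClient(client: Omit<ClientInfo, 'client_id' | 'client_id_issued_at'>): ClientInfo {
    const stored: ClientInfo = {
      ...client,
      client_id: randomUUID(), // assigned here only so the example runs without the SDK
      client_id_issued_at: Math.floor(Date.now() / 1000),
    };
    this.clients.set(stored.client_id, stored);
    return stored;
  }
}

type AuthResult = 'ok' | 'unknown_client' | 'bad_secret' | 'secret_expired';

// Custom client authentication that honours client_secret_expires_at.
function authenticateClient(
  store: InMemoryClientsStore, clientId: string, presented: string, nowSec: number,
): AuthResult {
  const client = store.getClient(clientId);
  if (!client) return 'unknown_client';
  // No secret on record: a presented secret cannot match.
  if (client.client_secret === undefined) return 'bad_secret';
  // Compare fixed-length digests so timingSafeEqual never sees unequal lengths.
  const digest = (s: string) => createHash('sha256').update(s).digest();
  if (!timingSafeEqual(digest(presented), digest(client.client_secret))) return 'bad_secret';
  const exp = client.client_secret_expires_at;
  if (exp && exp < nowSec) return 'secret_expired'; // record is kept, request is refused
  return 'ok';
}
```

Because the expired record is never deleted, a client with a lapsed secret gets a distinct rejection and is not treated as unknown.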