
MCP TypeScript SDK (V2) / @modelcontextprotocol/server-legacy / auth/clients

auth/clients

Interfaces

OAuthRegisteredClientsStore

Defined in: packages/server-legacy/src/auth/clients.ts:6

Stores information about registered OAuth clients for this server.

Methods

getClient()

getClient(clientId): { application_type?: string; client_id: string; client_id_issued_at?: number; client_name?: string; client_secret?: string; client_secret_expires_at?: number; client_uri?: string; contacts?: string[]; grant_types?: string[]; jwks?: any; jwks_uri?: string; logo_uri?: string; policy_uri?: string; redirect_uris: string[]; response_types?: string[]; scope?: string; software_id?: string; software_statement?: string; software_version?: string; token_endpoint_auth_method?: string; tos_uri?: string; } | Promise<{ application_type?: string; client_id: string; client_id_issued_at?: number; client_name?: string; client_secret?: string; client_secret_expires_at?: number; client_uri?: string; contacts?: string[]; grant_types?: string[]; jwks?: any; jwks_uri?: string; logo_uri?: string; policy_uri?: string; redirect_uris: string[]; response_types?: string[]; scope?: string; software_id?: string; software_statement?: string; software_version?: string; token_endpoint_auth_method?: string; tos_uri?: string; } | undefined> | undefined

Defined in: packages/server-legacy/src/auth/clients.ts:10

Returns information about a registered client, based on its ID.

Parameters
clientId

string

Returns
Type Literal

{ application_type?: string; client_id: string; client_id_issued_at?: number; client_name?: string; client_secret?: string; client_secret_expires_at?: number; client_uri?: string; contacts?: string[]; grant_types?: string[]; jwks?: any; jwks_uri?: string; logo_uri?: string; policy_uri?: string; redirect_uris: string[]; response_types?: string[]; scope?: string; software_id?: string; software_statement?: string; software_version?: string; token_endpoint_auth_method?: string; tos_uri?: string; }

application_type?

optional application_type?: string

OIDC Dynamic Client Registration application_type. MCP clients MUST set this to 'native' or 'web' when registering (SEP-837); the SDK defaults it from redirect_uris when omitted. Typed as string (not an enum) so that parsing an authorization server's registration response — which under RFC 7591 may echo extension values — never rejects the document on this field alone.

client_id

client_id: string

client_id_issued_at?

optional client_id_issued_at?: number

client_name?

optional client_name?: string

client_secret?

optional client_secret?: string

client_secret_expires_at?

optional client_secret_expires_at?: number

client_uri?

optional client_uri?: string

contacts?

optional contacts?: string[]

grant_types?

optional grant_types?: string[]

jwks?

optional jwks?: any

jwks_uri?

optional jwks_uri?: string

logo_uri?

optional logo_uri?: string = OptionalSafeUrlSchema

policy_uri?

optional policy_uri?: string

redirect_uris

redirect_uris: string[]

response_types?

optional response_types?: string[]

scope?

optional scope?: string

software_id?

optional software_id?: string

software_statement?

optional software_statement?: string

software_version?

optional software_version?: string

token_endpoint_auth_method?

optional token_endpoint_auth_method?: string

tos_uri?

optional tos_uri?: string = OptionalSafeUrlSchema


Promise<{ application_type?: string; client_id: string; client_id_issued_at?: number; client_name?: string; client_secret?: string; client_secret_expires_at?: number; client_uri?: string; contacts?: string[]; grant_types?: string[]; jwks?: any; jwks_uri?: string; logo_uri?: string; policy_uri?: string; redirect_uris: string[]; response_types?: string[]; scope?: string; software_id?: string; software_statement?: string; software_version?: string; token_endpoint_auth_method?: string; tos_uri?: string; } | undefined>


undefined

registerClient()?

optional registerClient(client): { application_type?: string; client_id: string; client_id_issued_at?: number; client_name?: string; client_secret?: string; client_secret_expires_at?: number; client_uri?: string; contacts?: string[]; grant_types?: string[]; jwks?: any; jwks_uri?: string; logo_uri?: string; policy_uri?: string; redirect_uris: string[]; response_types?: string[]; scope?: string; software_id?: string; software_statement?: string; software_version?: string; token_endpoint_auth_method?: string; tos_uri?: string; } | Promise<{ application_type?: string; client_id: string; client_id_issued_at?: number; client_name?: string; client_secret?: string; client_secret_expires_at?: number; client_uri?: string; contacts?: string[]; grant_types?: string[]; jwks?: any; jwks_uri?: string; logo_uri?: string; policy_uri?: string; redirect_uris: string[]; response_types?: string[]; scope?: string; software_id?: string; software_statement?: string; software_version?: string; token_endpoint_auth_method?: string; tos_uri?: string; }>

Defined in: packages/server-legacy/src/auth/clients.ts:19

Registers a new client with the server. The client ID and secret will be automatically generated by the library. A modified version of the client information can be returned to reflect specific values enforced by the server.

NOTE: Implementations should NOT delete expired client secrets in-place. Auth middleware provided by this library will automatically check the client_secret_expires_at field and reject requests with expired secrets. Any custom logic for authenticating clients should check the client_secret_expires_at field as well.

If unimplemented, dynamic client registration is unsupported.
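
The expiry rule in the NOTE above, as an added example that is not the SDK's own code: an in-memory store that keeps a record after its secret expires, and a custom check that rejects the expired secret at authentication time. `ClientInfo`, `InMemoryClientsStore`, `authenticateClient` and the `AuthResult` values are hypothetical names; the sketch assigns `client_id` itself so that it runs without the SDK, and treats `client_secret_expires_at` as seconds since the epoch with 0 meaning no expiry (RFC 7591).

```typescript
import { createHash, randomUUID, timingSafeEqual } from "node:crypto";

// Local mirror of a few fields documented on this page (not the SDK's exported type).
interface ClientInfo {
  client_id: string;
  client_id_issued_at?: number;
  client_secret?: string;
  client_secret_expires_at?: number; // seconds since epoch; 0 means "never" (RFC 7591)
  redirect_uris: string[];
}

// Hypothetical in-memory store with the getClient/registerClient shape described above.
class InMemoryClientsStore {
  private clients = new Map<string, ClientInfo>();

  getClient(clientId: string): ClientInfo | undefined {
    return this.clients.get(clientId);
  }

  registerClient(client: Omit<ClientInfo, "client_id" | "client_id_issued_at">): ClientInfo {
    // Assumption: this sketch assigns the ID itself so that it runs without the SDK.
    const issuedAt = Math.floor(Date.now() / 1000);
    const full: ClientInfo = { ...client, client_id: randomUUID(), client_id_issued_at: issuedAt };
    this.clients.set(full.client_id, full); // the record is never pruned when its secret expires
    return full;
  }
}

type AuthResult = "ok" | "unknown_client" | "bad_secret" | "expired_secret";

const digest = (s: string) => createHash("sha256").update(s).digest();

// Hypothetical custom client authentication: compare the secret, then enforce expiry.
function authenticateClient(
  store: InMemoryClientsStore, clientId: string, presented: string, nowSec: number,
): AuthResult {
  const client = store.getClient(clientId);
  if (!client) return "unknown_client";
  const stored = client.client_secret;
  // Hash both sides so timingSafeEqual always receives equal-length buffers.
  if (stored === undefined || !timingSafeEqual(digest(presented), digest(stored))) return "bad_secret";
  const exp = client.client_secret_expires_at;
  if (exp !== undefined && exp !== 0 && exp < nowSec) return "expired_secret";
  return "ok";
}
```

Because the expired record stays in the store, the caller can tell an expired secret apart from a wrong one and log or respond accordingly.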

Parameters
client

Omit<OAuthClientInformationFull, "client_id" | "client_id_issued_at">

Returns
Type Literal

{ application_type?: string; client_id: string; client_id_issued_at?: number; client_name?: string; client_secret?: string; client_secret_expires_at?: number; client_uri?: string; contacts?: string[]; grant_types?: string[]; jwks?: any; jwks_uri?: string; logo_uri?: string; policy_uri?: string; redirect_uris: string[]; response_types?: string[]; scope?: string; software_id?: string; software_statement?: string; software_version?: string; token_endpoint_auth_method?: string; tos_uri?: string; }

application_type?

optional application_type?: string

OIDC Dynamic Client Registration application_type. MCP clients MUST set this to 'native' or 'web' when registering (SEP-837); the SDK defaults it from redirect_uris when omitted. Typed as string (not an enum) so that parsing an authorization server's registration response — which under RFC 7591 may echo extension values — never rejects the document on this field alone.

client_id

client_id: string

client_id_issued_at?

optional client_id_issued_at?: number

client_name?

optional client_name?: string

client_secret?

optional client_secret?: string

client_secret_expires_at?

optional client_secret_expires_at?: number

client_uri?

optional client_uri?: string

contacts?

optional contacts?: string[]

grant_types?

optional grant_types?: string[]

jwks?

optional jwks?: any

jwks_uri?

optional jwks_uri?: string

logo_uri?

optional logo_uri?: string = OptionalSafeUrlSchema

policy_uri?

optional policy_uri?: string

redirect_uris

redirect_uris: string[]

response_types?

optional response_types?: string[]

scope?

optional scope?: string

software_id?

optional software_id?: string

software_statement?

optional software_statement?: string

software_version?

optional software_version?: string

token_endpoint_auth_method?

optional token_endpoint_auth_method?: string

tos_uri?

optional tos_uri?: string = OptionalSafeUrlSchema


Promise<{ application_type?: string; client_id: string; client_id_issued_at?: number; client_name?: string; client_secret?: string; client_secret_expires_at?: number; client_uri?: string; contacts?: string[]; grant_types?: string[]; jwks?: any; jwks_uri?: string; logo_uri?: string; policy_uri?: string; redirect_uris: string[]; response_types?: string[]; scope?: string; software_id?: string; software_statement?: string; software_version?: string; token_endpoint_auth_method?: string; tos_uri?: string; }>