MCP TypeScript SDK (V2)
    Preparing search index...

    Function exchangeJwtAuthGrant

    • Exchanges a JWT Authorization Grant for an access token at the MCP server's authorization server.

      This function performs step 3 of the Enterprise Managed Authorization flow: uses the JWT Authorization Grant to obtain an access token from the MCP server.

      Parameters

      • options: {
            authMethod?: ClientAuthMethod;
            clientId: string;
            clientSecret?: string;
            fetchFn?: FetchLike;
            jwtAuthGrant: string;
            tokenEndpoint: string | URL;
        }

        Configuration for the JWT grant exchange

        • OptionalauthMethod?: ClientAuthMethod

          Client authentication method. Defaults to 'client_secret_basic' to align with CrossAppAccessProvider and SEP-990 conformance requirements. Callers with no clientSecret should pass 'none' for public-client auth.

        • clientId: string
        • OptionalclientSecret?: string
        • OptionalfetchFn?: FetchLike
        • jwtAuthGrant: string
        • tokenEndpoint: string | URL

      Returns Promise<
          {
              access_token: string;
              expires_in?: number;
              scope?: string;
              token_type: string;
          },
      >

      OAuth tokens (access token, token type, etc.)

      If the exchange fails or returns an error response

      Defaults to client_secret_basic (HTTP Basic Authorization header), matching CrossAppAccessProvider's declared token_endpoint_auth_method and the SEP-990 conformance test requirements. Use authMethod: 'client_secret_post' only when the authorization server explicitly requires it.

      const tokens = await exchangeJwtAuthGrant({
          tokenEndpoint: 'https://auth.chat.example/token',
          jwtAuthGrant: 'eyJhbGci...',
          clientId: 'my-mcp-client',
          clientSecret: 'my-mcp-secret'
      });

      // Use tokens.access_token to access the MCP server

    Settings

    Member Visibility