Express middleware that requires a valid Bearer token in the Authorization
header.
The token is validated via the supplied OAuthTokenVerifier and the
resulting AuthInfo (from @modelcontextprotocol/server) is attached
to req.auth. The MCP Streamable HTTP transport reads req.auth and
surfaces it to handlers as ctx.http.authInfo.
On failure the middleware sends a JSON OAuth error body and a
WWW-Authenticate: Bearer … challenge that includes the configured
resource_metadata URL so clients can discover the Authorization Server.
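
The behaviour described above, as an added sketch that is not the SDK's own code: it parses the header, fails closed with a 401 plus challenge, and attaches the verifier's result to req.auth. The names requireBearer, parseBearer, challenge, fakeRes and the resourceMetadataUrl option are hypothetical; the verifier method verifyAccessToken and the expiresAt field (seconds since epoch) are assumed.

```javascript
// Added sketch, not the SDK's implementation. verifier.verifyAccessToken,
// resourceMetadataUrl and the error wording are assumptions for illustration.
function parseBearer(header) {
  // RFC 6750: case-insensitive scheme followed by exactly one token68 value.
  const m = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i.exec(header || "");
  return m ? m[1] : null;
}

function challenge(error, description, resourceMetadataUrl) {
  // Quote each auth-param and escape embedded quotes and backslashes.
  const q = (s) => `"${String(s).replace(/[\\"]/g, "\\$&")}"`;
  const parts = [`error=${q(error)}`, `error_description=${q(description)}`];
  if (resourceMetadataUrl) parts.push(`resource_metadata=${q(resourceMetadataUrl)}`);
  return `Bearer ${parts.join(", ")}`;
}

function requireBearer({ verifier, resourceMetadataUrl }) {
  return async function (req, res, next) {
    const deny = (description) => {
      res.set("WWW-Authenticate", challenge("invalid_token", description, resourceMetadataUrl));
      res.status(401).json({ error: "invalid_token", error_description: description });
    };
    const token = parseBearer(req.headers.authorization);
    if (!token) return deny("Missing or malformed Bearer token");
    try {
      const info = await verifier.verifyAccessToken(token);
      // Reject expired tokens even if the verifier returned them.
      if (typeof info.expiresAt === "number" && info.expiresAt * 1000 <= Date.now()) {
        return deny("Token has expired");
      }
      req.auth = info; // the field the transport is described as reading
      next();
    } catch {
      // Fail closed and keep verifier internals out of the response.
      deny("Token verification failed");
    }
  };
}

// Constructed stand-in for an Express response so the sketch runs without Express.
function fakeRes() {
  const r = { headers: {}, code: 200, body: null };
  r.set = (k, v) => { r.headers[k] = v; return r; };
  r.status = (c) => { r.code = c; return r; };
  r.json = (b) => { r.body = b; return r; };
  return r;
}
```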