Interface AuthProvider

Minimal interface for authenticating MCP client transports with bearer tokens.

Transports call token() before every request to obtain the current token, and onUnauthorized() (if provided) when the server responds with 401, giving the provider a chance to refresh credentials before the transport retries once.

For simple cases (API keys, gateway-managed tokens), implement only token():

const authProvider: AuthProvider = { token: async () => process.env.API_KEY };

For OAuth flows, pass an OAuthClientProvider directly — transports accept either shape and adapt OAuth providers automatically via adaptOAuthProvider.

interface AuthProvider {
onUnauthorized?(ctx: UnauthorizedContext): Promise<void>;
token(): Promise<string | undefined>;
}

Index

Methods

onUnauthorized? token

Methods

`Optional`onUnauthorized

onUnauthorized?(ctx: UnauthorizedContext): Promise<void>
Called when the server responds with 401. If provided, the transport will await this, then retry the request once. If the retry also gets 401, or if this method is not provided, the transport throws UnauthorizedError.

Implementations should refresh tokens, re-authenticate, etc. — whatever is needed so the next token() call returns a valid token.
Parameters
- ctx: UnauthorizedContext
Returns Promise<void>
- Defined in packages/client/src/client/auth.ts:82

token

token(): Promise<string | undefined>
Returns the current bearer token, or undefined if no token is available. Called before every request.

Returns Promise<string | undefined>
- Defined in packages/client/src/client/auth.ts:72

Interface AuthProvider

Index

Methods

Methods

`Optional`onUnauthorized

Parameters

Returns Promise<void>

token

Returns Promise<string | undefined>

Settings

On This Page

Interface AuthProvider

Index

Methods

Methods

OptionalonUnauthorized

Parameters

Returns Promise<void>

token

Returns Promise<string | undefined>

Settings

On This Page

`Optional`onUnauthorized