@modelcontextprotocol/sdk

    Implements an OAuth server that proxies requests to another OAuth server.

    Implements

    Index

    Constructors

    Properties

    _endpoints: ProxyEndpoints
    _fetch?: FetchLike
    _getClient: (
        clientId: string,
    ) => Promise<
        | {
            client_id: string;
            client_id_issued_at?: number;
            client_name?: string;
            client_secret?: string;
            client_secret_expires_at?: number;
            client_uri?: string;
            contacts?: string[];
            grant_types?: string[];
            jwks?: any;
            jwks_uri?: string;
            logo_uri?: string;
            policy_uri?: string;
            redirect_uris: string[];
            response_types?: string[];
            scope?: string;
            software_id?: string;
            software_statement?: string;
            software_version?: string;
            token_endpoint_auth_method?: string;
            tos_uri?: string;
        }
        | undefined,
    >
    _verifyAccessToken: (token: string) => Promise<AuthInfo>
    revokeToken?: (
        client: {
            client_id: string;
            client_id_issued_at?: number;
            client_name?: string;
            client_secret?: string;
            client_secret_expires_at?: number;
            client_uri?: string;
            contacts?: string[];
            grant_types?: string[];
            jwks?: any;
            jwks_uri?: string;
            logo_uri?: string;
            policy_uri?: string;
            redirect_uris: string[];
            response_types?: string[];
            scope?: string;
            software_id?: string;
            software_statement?: string;
            software_version?: string;
            token_endpoint_auth_method?: string;
            tos_uri?: string;
        },
        request: { token: string; token_type_hint?: string },
    ) => Promise<void>

    Revokes an access or refresh token. If this method is not implemented, token revocation is not supported; leaving it unimplemented is not recommended.

    If the given token is invalid or already revoked, this method should do nothing.

    skipLocalPkceValidation: boolean = true

    Whether to skip local PKCE validation.

    If true, the server will not perform PKCE validation locally and will pass the code_verifier to the upstream server.

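    NOTE: This should only be true if the upstream server is performing the actual PKCE validation. When this is true and the upstream server does not enforce PKCE, the code_verifier is never checked against the code_challenge, so the authorization code exchange runs without PKCE protection. Because the default is true, confirm that the upstream server enforces PKCE before relying on this provider.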

    Accessors

    Methods

    • Begins the authorization flow, which can either be implemented by this server itself or via redirection to a separate authorization server.

      This server must eventually issue a redirect with an authorization response or an error response to the given redirect URI. Per OAuth 2.1:

      • In the successful case, the redirect MUST include the code and state (if present) query parameters.
      • In the error case, the redirect MUST include the error query parameter, and MAY include an optional error_description query parameter.

      Parameters

      • client: {
            client_id: string;
            client_id_issued_at?: number;
            client_name?: string;
            client_secret?: string;
            client_secret_expires_at?: number;
            client_uri?: string;
            contacts?: string[];
            grant_types?: string[];
            jwks?: any;
            jwks_uri?: string;
            logo_uri?: string;
            policy_uri?: string;
            redirect_uris: string[];
            response_types?: string[];
            scope?: string;
            software_id?: string;
            software_statement?: string;
            software_version?: string;
            token_endpoint_auth_method?: string;
            tos_uri?: string;
        }
      • params: AuthorizationParams
      • res: Response

      Returns Promise<void>

    • Returns the codeChallenge that was used when the indicated authorization began.

      Parameters

      • _client: {
            client_id: string;
            client_id_issued_at?: number;
            client_name?: string;
            client_secret?: string;
            client_secret_expires_at?: number;
            client_uri?: string;
            contacts?: string[];
            grant_types?: string[];
            jwks?: any;
            jwks_uri?: string;
            logo_uri?: string;
            policy_uri?: string;
            redirect_uris: string[];
            response_types?: string[];
            scope?: string;
            software_id?: string;
            software_statement?: string;
            software_version?: string;
            token_endpoint_auth_method?: string;
            tos_uri?: string;
        }
      • _authorizationCode: string

      Returns Promise<string>

    • Exchanges an authorization code for an access token.

      Parameters

      • client: {
            client_id: string;
            client_id_issued_at?: number;
            client_name?: string;
            client_secret?: string;
            client_secret_expires_at?: number;
            client_uri?: string;
            contacts?: string[];
            grant_types?: string[];
            jwks?: any;
            jwks_uri?: string;
            logo_uri?: string;
            policy_uri?: string;
            redirect_uris: string[];
            response_types?: string[];
            scope?: string;
            software_id?: string;
            software_statement?: string;
            software_version?: string;
            token_endpoint_auth_method?: string;
            tos_uri?: string;
        }
      • authorizationCode: string
      • Optional codeVerifier: string
      • Optional redirectUri: string
      • Optional resource: URL

      Returns Promise<
          {
              access_token: string;
              expires_in?: number;
              id_token?: string;
              refresh_token?: string;
              scope?: string;
              token_type: string;
          },
      >

    • Exchanges a refresh token for an access token.

      Parameters

      • client: {
            client_id: string;
            client_id_issued_at?: number;
            client_name?: string;
            client_secret?: string;
            client_secret_expires_at?: number;
            client_uri?: string;
            contacts?: string[];
            grant_types?: string[];
            jwks?: any;
            jwks_uri?: string;
            logo_uri?: string;
            policy_uri?: string;
            redirect_uris: string[];
            response_types?: string[];
            scope?: string;
            software_id?: string;
            software_statement?: string;
            software_version?: string;
            token_endpoint_auth_method?: string;
            tos_uri?: string;
        }
      • refreshToken: string
      • Optional scopes: string[]
      • Optional resource: URL

      Returns Promise<
          {
              access_token: string;
              expires_in?: number;
              id_token?: string;
              refresh_token?: string;
              scope?: string;
              token_type: string;
          },
      >