diff --git a/examples/express-mcp-server/src/index.ts b/examples/express-mcp-server/src/index.ts index e3bf004..afa6ff0 100644 --- a/examples/express-mcp-server/src/index.ts +++ b/examples/express-mcp-server/src/index.ts @@ -11,6 +11,7 @@ const port = process.env.PORT || 3000; const mcpAuthServer = new McpAuthServer({ baseUrl: process.env.BASE_URL as string, + issuer: process.env.ISSUER as string, }); app.use(express.json()); diff --git a/examples/express-mcp-vet-ai-assist-app/src/index.ts b/examples/express-mcp-vet-ai-assist-app/src/index.ts index 9f04c18..4b3c313 100644 --- a/examples/express-mcp-vet-ai-assist-app/src/index.ts +++ b/examples/express-mcp-vet-ai-assist-app/src/index.ts @@ -31,6 +31,7 @@ const app: Express = express(); const mcpAuthServer: McpAuthServer = new McpAuthServer({ baseUrl: process.env.BASE_URL as string, + issuer: process.env.ISSUER as string, }); app.use(express.json()); diff --git a/packages/mcp-express/README.md b/packages/mcp-express/README.md index 8f5a759..6e5a1f2 100644 --- a/packages/mcp-express/README.md +++ b/packages/mcp-express/README.md @@ -45,6 +45,7 @@ const app = express(); // Initialize McpAuthServer with baseUrl const mcpAuthServer = new McpAuthServer({ baseUrl: process.env.BASE_URL as string, + issuer: process.env.ISSUER as string }); app.use(express.json()); @@ -65,7 +66,10 @@ Creates a new instance of the MCP authentication server with the given configura ```typescript import {McpAuthServer} from '@asgardeo/mcp-express'; -const mcpAuthServer = new McpAuthServer({baseUrl: 'https://auth.example.com'}); +const mcpAuthServer = new McpAuthServer({ + baseUrl: 'https://auth.example.com', + issuer: 'https://auth.example.com/oauth2/token' +}); ``` #### mcpAuthServer.router() @@ -95,6 +99,8 @@ The server can be configured with the following option: interface McpAuthServerOptions { /** Base URL of the authorization server */ baseUrl: string; + /** Issuer of the authorization server */ + issuer: string; } ``` @@ -119,6 +125,7 @@ const app: Express = express(); // Initialize McpAuthServer const mcpAuthServer = new McpAuthServer({ baseUrl: process.env.BASE_URL as string, + issuer: process.env.ISSUER as string, }); app.use(express.json()); diff --git a/packages/mcp-express/src/middlewares/bearerAuthMiddleware.ts b/packages/mcp-express/src/middlewares/bearerAuthMiddleware.ts index 8d11238..77e3351 100644 --- a/packages/mcp-express/src/middlewares/bearerAuthMiddleware.ts +++ b/packages/mcp-express/src/middlewares/bearerAuthMiddleware.ts @@ -60,7 +60,7 @@ export default function bearerAuthMiddleware(options: McpAuthOptions) { options: { audience: options?.audience, clockTolerance: 60, - issuer: `${issuerBase}/oauth2/token`, + issuer: `${options.issuer}`, }, }; diff --git a/packages/mcp-express/src/routes/auth.ts b/packages/mcp-express/src/routes/auth.ts index ebd5714..dd411e6 100644 --- a/packages/mcp-express/src/routes/auth.ts +++ b/packages/mcp-express/src/routes/auth.ts @@ -23,7 +23,7 @@ import {getProtectedResourceMetadata} from '../controllers/protected-resource'; export default function AuthRouter(options: McpAuthOptions): express.Router { const router: express.Router = express.Router(); - const {baseUrl} = options; + const {baseUrl, issuer} = options; if (!baseUrl) { throw new Error('baseUrl must be provided'); } @@ -31,7 +31,7 @@ export default function AuthRouter(options: McpAuthOptions): express.Router { router.use( PROTECTED_RESOURCE_URL, getProtectedResourceMetadata({ - authorizationServers: [baseUrl], + authorizationServers: [issuer], resource: 'https://api.example.com', }), ); diff --git a/packages/mcp-node/src/models/mcp-auth.ts b/packages/mcp-node/src/models/mcp-auth.ts index 91db5b4..064fd18 100644 --- a/packages/mcp-node/src/models/mcp-auth.ts +++ b/packages/mcp-node/src/models/mcp-auth.ts @@ -19,4 +19,5 @@ export interface McpAuthOptions { audience?: string; baseUrl: string; + issuer: string; }