Skip to main content
Glama

Solid Multi-Tenant DevOps MCP Server

by Adam-Camp-King
GitHub
JavaScript
  • Apple
OverviewInspectNewEndpointsSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue
auth.js30.4 kB
import pkceChallenge from 'pkce-challenge'; import { LATEST_PROTOCOL_VERSION } from '../types.js'; import { OAuthErrorResponseSchema, OpenIdProviderDiscoveryMetadataSchema } from '../shared/auth.js'; import { OAuthClientInformationFullSchema, OAuthMetadataSchema, OAuthProtectedResourceMetadataSchema, OAuthTokensSchema } from '../shared/auth.js'; import { checkResourceAllowed, resourceUrlFromServerUrl } from '../shared/auth-utils.js'; import { InvalidClientError, InvalidGrantError, OAUTH_ERRORS, OAuthError, ServerError, UnauthorizedClientError } from '../server/auth/errors.js'; export class UnauthorizedError extends Error { constructor(message) { super(message !== null && message !== void 0 ? message : 'Unauthorized'); } } const AUTHORIZATION_CODE_RESPONSE_TYPE = 'code'; const AUTHORIZATION_CODE_CHALLENGE_METHOD = 'S256'; /** * Determines the best client authentication method to use based on server support and client configuration. * * Priority order (highest to lowest): * 1. client_secret_basic (if client secret is available) * 2. client_secret_post (if client secret is available) * 3. none (for public clients) * * @param clientInformation - OAuth client information containing credentials * @param supportedMethods - Authentication methods supported by the authorization server * @returns The selected authentication method */ function selectClientAuthMethod(clientInformation, supportedMethods) { const hasClientSecret = clientInformation.client_secret !== undefined; // If server doesn't specify supported methods, use RFC 6749 defaults if (supportedMethods.length === 0) { return hasClientSecret ? 'client_secret_post' : 'none'; } // Try methods in priority order (most secure first) if (hasClientSecret && supportedMethods.includes('client_secret_basic')) { return 'client_secret_basic'; } if (hasClientSecret && supportedMethods.includes('client_secret_post')) { return 'client_secret_post'; } if (supportedMethods.includes('none')) { return 'none'; } // Fallback: use what we have return hasClientSecret ? 'client_secret_post' : 'none'; } /** * Applies client authentication to the request based on the specified method. * * Implements OAuth 2.1 client authentication methods: * - client_secret_basic: HTTP Basic authentication (RFC 6749 Section 2.3.1) * - client_secret_post: Credentials in request body (RFC 6749 Section 2.3.1) * - none: Public client authentication (RFC 6749 Section 2.1) * * @param method - The authentication method to use * @param clientInformation - OAuth client information containing credentials * @param headers - HTTP headers object to modify * @param params - URL search parameters to modify * @throws {Error} When required credentials are missing */ function applyClientAuthentication(method, clientInformation, headers, params) { const { client_id, client_secret } = clientInformation; switch (method) { case 'client_secret_basic': applyBasicAuth(client_id, client_secret, headers); return; case 'client_secret_post': applyPostAuth(client_id, client_secret, params); return; case 'none': applyPublicAuth(client_id, params); return; default: throw new Error(`Unsupported client authentication method: ${method}`); } } /** * Applies HTTP Basic authentication (RFC 6749 Section 2.3.1) */ function applyBasicAuth(clientId, clientSecret, headers) { if (!clientSecret) { throw new Error('client_secret_basic authentication requires a client_secret'); } const credentials = btoa(`${clientId}:${clientSecret}`); headers.set('Authorization', `Basic ${credentials}`); } /** * Applies POST body authentication (RFC 6749 Section 2.3.1) */ function applyPostAuth(clientId, clientSecret, params) { params.set('client_id', clientId); if (clientSecret) { params.set('client_secret', clientSecret); } } /** * Applies public client authentication (RFC 6749 Section 2.1) */ function applyPublicAuth(clientId, params) { params.set('client_id', clientId); } /** * Parses an OAuth error response from a string or Response object. * * If the input is a standard OAuth2.0 error response, it will be parsed according to the spec * and an instance of the appropriate OAuthError subclass will be returned. * If parsing fails, it falls back to a generic ServerError that includes * the response status (if available) and original content. * * @param input - A Response object or string containing the error response * @returns A Promise that resolves to an OAuthError instance */ export async function parseErrorResponse(input) { const statusCode = input instanceof Response ? input.status : undefined; const body = input instanceof Response ? await input.text() : input; try { const result = OAuthErrorResponseSchema.parse(JSON.parse(body)); const { error, error_description, error_uri } = result; const errorClass = OAUTH_ERRORS[error] || ServerError; return new errorClass(error_description || '', error_uri); } catch (error) { // Not a valid OAuth error response, but try to inform the user of the raw data anyway const errorMessage = `${statusCode ? `HTTP ${statusCode}: ` : ''}Invalid OAuth error response: ${error}. Raw body: ${body}`; return new ServerError(errorMessage); } } /** * Orchestrates the full auth flow with a server. * * This can be used as a single entry point for all authorization functionality, * instead of linking together the other lower-level functions in this module. */ export async function auth(provider, options) { var _a, _b; try { return await authInternal(provider, options); } catch (error) { // Handle recoverable error types by invalidating credentials and retrying if (error instanceof InvalidClientError || error instanceof UnauthorizedClientError) { await ((_a = provider.invalidateCredentials) === null || _a === void 0 ? void 0 : _a.call(provider, 'all')); return await authInternal(provider, options); } else if (error instanceof InvalidGrantError) { await ((_b = provider.invalidateCredentials) === null || _b === void 0 ? void 0 : _b.call(provider, 'tokens')); return await authInternal(provider, options); } // Throw otherwise throw error; } } async function authInternal(provider, { serverUrl, authorizationCode, scope, resourceMetadataUrl, fetchFn }) { let resourceMetadata; let authorizationServerUrl; try { resourceMetadata = await discoverOAuthProtectedResourceMetadata(serverUrl, { resourceMetadataUrl }, fetchFn); if (resourceMetadata.authorization_servers && resourceMetadata.authorization_servers.length > 0) { authorizationServerUrl = resourceMetadata.authorization_servers[0]; } } catch (_a) { // Ignore errors and fall back to /.well-known/oauth-authorization-server } /** * If we don't get a valid authorization server metadata from protected resource metadata, * fallback to the legacy MCP spec's implementation (version 2025-03-26): MCP server acts as the Authorization server. */ if (!authorizationServerUrl) { authorizationServerUrl = serverUrl; } const resource = await selectResourceURL(serverUrl, provider, resourceMetadata); const metadata = await discoverAuthorizationServerMetadata(authorizationServerUrl, { fetchFn }); // Handle client registration if needed let clientInformation = await Promise.resolve(provider.clientInformation()); if (!clientInformation) { if (authorizationCode !== undefined) { throw new Error('Existing OAuth client information is required when exchanging an authorization code'); } if (!provider.saveClientInformation) { throw new Error('OAuth client information must be saveable for dynamic registration'); } const fullInformation = await registerClient(authorizationServerUrl, { metadata, clientMetadata: provider.clientMetadata, fetchFn }); await provider.saveClientInformation(fullInformation); clientInformation = fullInformation; } // Exchange authorization code for tokens if (authorizationCode !== undefined) { const codeVerifier = await provider.codeVerifier(); const tokens = await exchangeAuthorization(authorizationServerUrl, { metadata, clientInformation, authorizationCode, codeVerifier, redirectUri: provider.redirectUrl, resource, addClientAuthentication: provider.addClientAuthentication, fetchFn: fetchFn }); await provider.saveTokens(tokens); return 'AUTHORIZED'; } const tokens = await provider.tokens(); // Handle token refresh or new authorization if (tokens === null || tokens === void 0 ? void 0 : tokens.refresh_token) { try { // Attempt to refresh the token const newTokens = await refreshAuthorization(authorizationServerUrl, { metadata, clientInformation, refreshToken: tokens.refresh_token, resource, addClientAuthentication: provider.addClientAuthentication, fetchFn }); await provider.saveTokens(newTokens); return 'AUTHORIZED'; } catch (error) { // If this is a ServerError, or an unknown type, log it out and try to continue. Otherwise, escalate so we can fix things and retry. if (!(error instanceof OAuthError) || error instanceof ServerError) { // Could not refresh OAuth tokens } else { // Refresh failed for another reason, re-throw throw error; } } } const state = provider.state ? await provider.state() : undefined; // Start new authorization flow const { authorizationUrl, codeVerifier } = await startAuthorization(authorizationServerUrl, { metadata, clientInformation, state, redirectUrl: provider.redirectUrl, scope: scope || provider.clientMetadata.scope, resource }); await provider.saveCodeVerifier(codeVerifier); await provider.redirectToAuthorization(authorizationUrl); return 'REDIRECT'; } export async function selectResourceURL(serverUrl, provider, resourceMetadata) { const defaultResource = resourceUrlFromServerUrl(serverUrl); // If provider has custom validation, delegate to it if (provider.validateResourceURL) { return await provider.validateResourceURL(defaultResource, resourceMetadata === null || resourceMetadata === void 0 ? void 0 : resourceMetadata.resource); } // Only include resource parameter when Protected Resource Metadata is present if (!resourceMetadata) { return undefined; } // Validate that the metadata's resource is compatible with our request if (!checkResourceAllowed({ requestedResource: defaultResource, configuredResource: resourceMetadata.resource })) { throw new Error(`Protected resource ${resourceMetadata.resource} does not match expected ${defaultResource} (or origin)`); } // Prefer the resource from metadata since it's what the server is telling us to request return new URL(resourceMetadata.resource); } /** * Extract resource_metadata from response header. */ export function extractResourceMetadataUrl(res) { const authenticateHeader = res.headers.get('WWW-Authenticate'); if (!authenticateHeader) { return undefined; } const [type, scheme] = authenticateHeader.split(' '); if (type.toLowerCase() !== 'bearer' || !scheme) { return undefined; } const regex = /resource_metadata="([^"]*)"/; const match = regex.exec(authenticateHeader); if (!match) { return undefined; } try { return new URL(match[1]); } catch (_a) { return undefined; } } /** * Looks up RFC 9728 OAuth 2.0 Protected Resource Metadata. * * If the server returns a 404 for the well-known endpoint, this function will * return `undefined`. Any other errors will be thrown as exceptions. */ export async function discoverOAuthProtectedResourceMetadata(serverUrl, opts, fetchFn = fetch) { const response = await discoverMetadataWithFallback(serverUrl, 'oauth-protected-resource', fetchFn, { protocolVersion: opts === null || opts === void 0 ? void 0 : opts.protocolVersion, metadataUrl: opts === null || opts === void 0 ? void 0 : opts.resourceMetadataUrl }); if (!response || response.status === 404) { throw new Error(`Resource server does not implement OAuth 2.0 Protected Resource Metadata.`); } if (!response.ok) { throw new Error(`HTTP ${response.status} trying to load well-known OAuth protected resource metadata.`); } return OAuthProtectedResourceMetadataSchema.parse(await response.json()); } /** * Helper function to handle fetch with CORS retry logic */ async function fetchWithCorsRetry(url, headers, fetchFn = fetch) { try { return await fetchFn(url, { headers }); } catch (error) { if (error instanceof TypeError) { if (headers) { // CORS errors come back as TypeError, retry without headers return fetchWithCorsRetry(url, undefined, fetchFn); } else { // We're getting CORS errors on retry too, return undefined return undefined; } } throw error; } } /** * Constructs the well-known path for auth-related metadata discovery */ function buildWellKnownPath(wellKnownPrefix, pathname = '', options = {}) { // Strip trailing slash from pathname to avoid double slashes if (pathname.endsWith('/')) { pathname = pathname.slice(0, -1); } return options.prependPathname ? `${pathname}/.well-known/${wellKnownPrefix}` : `/.well-known/${wellKnownPrefix}${pathname}`; } /** * Tries to discover OAuth metadata at a specific URL */ async function tryMetadataDiscovery(url, protocolVersion, fetchFn = fetch) { const headers = { 'MCP-Protocol-Version': protocolVersion }; return await fetchWithCorsRetry(url, headers, fetchFn); } /** * Determines if fallback to root discovery should be attempted */ function shouldAttemptFallback(response, pathname) { return !response || (response.status >= 400 && response.status < 500 && pathname !== '/'); } /** * Generic function for discovering OAuth metadata with fallback support */ async function discoverMetadataWithFallback(serverUrl, wellKnownType, fetchFn, opts) { var _a, _b; const issuer = new URL(serverUrl); const protocolVersion = (_a = opts === null || opts === void 0 ? void 0 : opts.protocolVersion) !== null && _a !== void 0 ? _a : LATEST_PROTOCOL_VERSION; let url; if (opts === null || opts === void 0 ? void 0 : opts.metadataUrl) { url = new URL(opts.metadataUrl); } else { // Try path-aware discovery first const wellKnownPath = buildWellKnownPath(wellKnownType, issuer.pathname); url = new URL(wellKnownPath, (_b = opts === null || opts === void 0 ? void 0 : opts.metadataServerUrl) !== null && _b !== void 0 ? _b : issuer); url.search = issuer.search; } let response = await tryMetadataDiscovery(url, protocolVersion, fetchFn); // If path-aware discovery fails with 404 and we're not already at root, try fallback to root discovery if (!(opts === null || opts === void 0 ? void 0 : opts.metadataUrl) && shouldAttemptFallback(response, issuer.pathname)) { const rootUrl = new URL(`/.well-known/${wellKnownType}`, issuer); response = await tryMetadataDiscovery(rootUrl, protocolVersion, fetchFn); } return response; } /** * Looks up RFC 8414 OAuth 2.0 Authorization Server Metadata. * * If the server returns a 404 for the well-known endpoint, this function will * return `undefined`. Any other errors will be thrown as exceptions. * * @deprecated This function is deprecated in favor of `discoverAuthorizationServerMetadata`. */ export async function discoverOAuthMetadata(issuer, { authorizationServerUrl, protocolVersion } = {}, fetchFn = fetch) { if (typeof issuer === 'string') { issuer = new URL(issuer); } if (!authorizationServerUrl) { authorizationServerUrl = issuer; } if (typeof authorizationServerUrl === 'string') { authorizationServerUrl = new URL(authorizationServerUrl); } protocolVersion !== null && protocolVersion !== void 0 ? protocolVersion : (protocolVersion = LATEST_PROTOCOL_VERSION); const response = await discoverMetadataWithFallback(authorizationServerUrl, 'oauth-authorization-server', fetchFn, { protocolVersion, metadataServerUrl: authorizationServerUrl }); if (!response || response.status === 404) { return undefined; } if (!response.ok) { throw new Error(`HTTP ${response.status} trying to load well-known OAuth metadata`); } return OAuthMetadataSchema.parse(await response.json()); } /** * Builds a list of discovery URLs to try for authorization server metadata. * URLs are returned in priority order: * 1. OAuth metadata at the given URL * 2. OAuth metadata at root (if URL has path) * 3. OIDC metadata endpoints */ export function buildDiscoveryUrls(authorizationServerUrl) { const url = typeof authorizationServerUrl === 'string' ? new URL(authorizationServerUrl) : authorizationServerUrl; const hasPath = url.pathname !== '/'; const urlsToTry = []; if (!hasPath) { // Root path: https://example.com/.well-known/oauth-authorization-server urlsToTry.push({ url: new URL('/.well-known/oauth-authorization-server', url.origin), type: 'oauth' }); // OIDC: https://example.com/.well-known/openid-configuration urlsToTry.push({ url: new URL(`/.well-known/openid-configuration`, url.origin), type: 'oidc' }); return urlsToTry; } // Strip trailing slash from pathname to avoid double slashes let pathname = url.pathname; if (pathname.endsWith('/')) { pathname = pathname.slice(0, -1); } // 1. OAuth metadata at the given URL // Insert well-known before the path: https://example.com/.well-known/oauth-authorization-server/tenant1 urlsToTry.push({ url: new URL(`/.well-known/oauth-authorization-server${pathname}`, url.origin), type: 'oauth' }); // Root path: https://example.com/.well-known/oauth-authorization-server urlsToTry.push({ url: new URL('/.well-known/oauth-authorization-server', url.origin), type: 'oauth' }); // 3. OIDC metadata endpoints // RFC 8414 style: Insert /.well-known/openid-configuration before the path urlsToTry.push({ url: new URL(`/.well-known/openid-configuration${pathname}`, url.origin), type: 'oidc' }); // OIDC Discovery 1.0 style: Append /.well-known/openid-configuration after the path urlsToTry.push({ url: new URL(`${pathname}/.well-known/openid-configuration`, url.origin), type: 'oidc' }); return urlsToTry; } /** * Discovers authorization server metadata with support for RFC 8414 OAuth 2.0 Authorization Server Metadata * and OpenID Connect Discovery 1.0 specifications. * * This function implements a fallback strategy for authorization server discovery: * 1. Attempts RFC 8414 OAuth metadata discovery first * 2. If OAuth discovery fails, falls back to OpenID Connect Discovery * * @param authorizationServerUrl - The authorization server URL obtained from the MCP Server's * protected resource metadata, or the MCP server's URL if the * metadata was not found. * @param options - Configuration options * @param options.fetchFn - Optional fetch function for making HTTP requests, defaults to global fetch * @param options.protocolVersion - MCP protocol version to use, defaults to LATEST_PROTOCOL_VERSION * @returns Promise resolving to authorization server metadata, or undefined if discovery fails */ export async function discoverAuthorizationServerMetadata(authorizationServerUrl, { fetchFn = fetch, protocolVersion = LATEST_PROTOCOL_VERSION } = {}) { const headers = { 'MCP-Protocol-Version': protocolVersion }; // Get the list of URLs to try const urlsToTry = buildDiscoveryUrls(authorizationServerUrl); // Try each URL in order for (const { url: endpointUrl, type } of urlsToTry) { const response = await fetchWithCorsRetry(endpointUrl, headers, fetchFn); if (!response) { /** * CORS error occurred - don't throw as the endpoint may not allow CORS, * continue trying other possible endpoints */ continue; } if (!response.ok) { // Continue looking for any 4xx response code. if (response.status >= 400 && response.status < 500) { continue; // Try next URL } throw new Error(`HTTP ${response.status} trying to load ${type === 'oauth' ? 'OAuth' : 'OpenID provider'} metadata from ${endpointUrl}`); } // Parse and validate based on type if (type === 'oauth') { return OAuthMetadataSchema.parse(await response.json()); } else { return OpenIdProviderDiscoveryMetadataSchema.parse(await response.json()); } } return undefined; } /** * Begins the authorization flow with the given server, by generating a PKCE challenge and constructing the authorization URL. */ export async function startAuthorization(authorizationServerUrl, { metadata, clientInformation, redirectUrl, scope, state, resource }) { let authorizationUrl; if (metadata) { authorizationUrl = new URL(metadata.authorization_endpoint); if (!metadata.response_types_supported.includes(AUTHORIZATION_CODE_RESPONSE_TYPE)) { throw new Error(`Incompatible auth server: does not support response type ${AUTHORIZATION_CODE_RESPONSE_TYPE}`); } if (metadata.code_challenge_methods_supported && !metadata.code_challenge_methods_supported.includes(AUTHORIZATION_CODE_CHALLENGE_METHOD)) { throw new Error(`Incompatible auth server: does not support code challenge method ${AUTHORIZATION_CODE_CHALLENGE_METHOD}`); } } else { authorizationUrl = new URL('/authorize', authorizationServerUrl); } // Generate PKCE challenge const challenge = await pkceChallenge(); const codeVerifier = challenge.code_verifier; const codeChallenge = challenge.code_challenge; authorizationUrl.searchParams.set('response_type', AUTHORIZATION_CODE_RESPONSE_TYPE); authorizationUrl.searchParams.set('client_id', clientInformation.client_id); authorizationUrl.searchParams.set('code_challenge', codeChallenge); authorizationUrl.searchParams.set('code_challenge_method', AUTHORIZATION_CODE_CHALLENGE_METHOD); authorizationUrl.searchParams.set('redirect_uri', String(redirectUrl)); if (state) { authorizationUrl.searchParams.set('state', state); } if (scope) { authorizationUrl.searchParams.set('scope', scope); } if (scope === null || scope === void 0 ? void 0 : scope.includes('offline_access')) { // if the request includes the OIDC-only "offline_access" scope, // we need to set the prompt to "consent" to ensure the user is prompted to grant offline access // https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess authorizationUrl.searchParams.append('prompt', 'consent'); } if (resource) { authorizationUrl.searchParams.set('resource', resource.href); } return { authorizationUrl, codeVerifier }; } /** * Exchanges an authorization code for an access token with the given server. * * Supports multiple client authentication methods as specified in OAuth 2.1: * - Automatically selects the best authentication method based on server support * - Falls back to appropriate defaults when server metadata is unavailable * * @param authorizationServerUrl - The authorization server's base URL * @param options - Configuration object containing client info, auth code, etc. * @returns Promise resolving to OAuth tokens * @throws {Error} When token exchange fails or authentication is invalid */ export async function exchangeAuthorization(authorizationServerUrl, { metadata, clientInformation, authorizationCode, codeVerifier, redirectUri, resource, addClientAuthentication, fetchFn }) { var _a; const grantType = 'authorization_code'; const tokenUrl = (metadata === null || metadata === void 0 ? void 0 : metadata.token_endpoint) ? new URL(metadata.token_endpoint) : new URL('/token', authorizationServerUrl); if ((metadata === null || metadata === void 0 ? void 0 : metadata.grant_types_supported) && !metadata.grant_types_supported.includes(grantType)) { throw new Error(`Incompatible auth server: does not support grant type ${grantType}`); } // Exchange code for tokens const headers = new Headers({ 'Content-Type': 'application/x-www-form-urlencoded', Accept: 'application/json' }); const params = new URLSearchParams({ grant_type: grantType, code: authorizationCode, code_verifier: codeVerifier, redirect_uri: String(redirectUri) }); if (addClientAuthentication) { addClientAuthentication(headers, params, authorizationServerUrl, metadata); } else { // Determine and apply client authentication method const supportedMethods = (_a = metadata === null || metadata === void 0 ? void 0 : metadata.token_endpoint_auth_methods_supported) !== null && _a !== void 0 ? _a : []; const authMethod = selectClientAuthMethod(clientInformation, supportedMethods); applyClientAuthentication(authMethod, clientInformation, headers, params); } if (resource) { params.set('resource', resource.href); } const response = await (fetchFn !== null && fetchFn !== void 0 ? fetchFn : fetch)(tokenUrl, { method: 'POST', headers, body: params }); if (!response.ok) { throw await parseErrorResponse(response); } return OAuthTokensSchema.parse(await response.json()); } /** * Exchange a refresh token for an updated access token. * * Supports multiple client authentication methods as specified in OAuth 2.1: * - Automatically selects the best authentication method based on server support * - Preserves the original refresh token if a new one is not returned * * @param authorizationServerUrl - The authorization server's base URL * @param options - Configuration object containing client info, refresh token, etc. * @returns Promise resolving to OAuth tokens (preserves original refresh_token if not replaced) * @throws {Error} When token refresh fails or authentication is invalid */ export async function refreshAuthorization(authorizationServerUrl, { metadata, clientInformation, refreshToken, resource, addClientAuthentication, fetchFn }) { var _a; const grantType = 'refresh_token'; let tokenUrl; if (metadata) { tokenUrl = new URL(metadata.token_endpoint); if (metadata.grant_types_supported && !metadata.grant_types_supported.includes(grantType)) { throw new Error(`Incompatible auth server: does not support grant type ${grantType}`); } } else { tokenUrl = new URL('/token', authorizationServerUrl); } // Exchange refresh token const headers = new Headers({ 'Content-Type': 'application/x-www-form-urlencoded' }); const params = new URLSearchParams({ grant_type: grantType, refresh_token: refreshToken }); if (addClientAuthentication) { addClientAuthentication(headers, params, authorizationServerUrl, metadata); } else { // Determine and apply client authentication method const supportedMethods = (_a = metadata === null || metadata === void 0 ? void 0 : metadata.token_endpoint_auth_methods_supported) !== null && _a !== void 0 ? _a : []; const authMethod = selectClientAuthMethod(clientInformation, supportedMethods); applyClientAuthentication(authMethod, clientInformation, headers, params); } if (resource) { params.set('resource', resource.href); } const response = await (fetchFn !== null && fetchFn !== void 0 ? fetchFn : fetch)(tokenUrl, { method: 'POST', headers, body: params }); if (!response.ok) { throw await parseErrorResponse(response); } return OAuthTokensSchema.parse({ refresh_token: refreshToken, ...(await response.json()) }); } /** * Performs OAuth 2.0 Dynamic Client Registration according to RFC 7591. */ export async function registerClient(authorizationServerUrl, { metadata, clientMetadata, fetchFn }) { let registrationUrl; if (metadata) { if (!metadata.registration_endpoint) { throw new Error('Incompatible auth server: does not support dynamic client registration'); } registrationUrl = new URL(metadata.registration_endpoint); } else { registrationUrl = new URL('/register', authorizationServerUrl); } const response = await (fetchFn !== null && fetchFn !== void 0 ? fetchFn : fetch)(registrationUrl, { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(clientMetadata) }); if (!response.ok) { throw await parseErrorResponse(response); } return OAuthClientInformationFullSchema.parse(await response.json()); } //# sourceMappingURL=auth.js.map

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Adam-Camp-King/solid-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server