01. Metadata Discovery/02. Auth Server Metadata (πŸ’ͺ problem)

Auth Server Metadata

πŸ‘¨β€πŸ’Ό Now that clients can connect to our MCP server from any domain, they need to be able to discover how to authenticate with our system. When clients want to access protected resources or perform actions that require authentication, they need to know where to go and what methods are available.
The problem is: how do we provide clients with the information they need to authenticate with our OAuth server? Without this metadata, clients will be stuck because they can't figure out authentication endpoints and supported features.
// Example: A user trying to discover our OAuth server capabilities
const response = await fetch(
	'https://our-mcp-server.example.com/.well-known/oauth-authorization-server',
)
const metadata = await response.json()
// metadata includes things like:
// - registration_endpoint - how to register a new client for dynamic client registration
// - authorization_endpoint - where to send users to confirm the connection
// - token_endpoint - where to request a token once they have a auth code
// plus more things necessary for the client to set up the connection for the user
You can see what our Authorization Server metadata looks like by visiting http://localhost:7788/.well-known/oauth-authorization-server.
This metadata endpoint is the gateway that tells clients everything they need to know about our authentication system.
To do this, we need to implement the /.well-known/oauth-authorization-server endpoint that returns the OAuth server's metadata. This endpoint will fetch the metadata from our actual OAuth server and relay it to users, making our MCP server a complete authentication discovery hub.
The OAuth metadata endpoint is a standard that clients expect to find. Without it, clients won't be able to properly integrate authentication into their applications.
πŸ” Doing this from our resource server is useful because some clients do not distinguish between the resource server and the auth server and will treat our resource server as the auth server. So we simply proxy to the auth server to get the metadata.
OAuth ServerMCP ServerClientOAuth ServerMCP ServerClientGET /.well-known/oauth-authorization-serverFetch metadata from localhost:7788Returns OAuth metadataReturns metadata with CORS headers
πŸ“œ For more details on OAuth authorization server metadata, see the RFC 8414 specification.
The goal is to make authentication discovery seamless and standards-compliant, so users can easily integrate our OAuth system into their applications without any guesswork.
πŸ§β€β™€οΈ By the way, I've set up the OAuth server to run on localhost:7788, and you'll need to create a new auth.ts file to handle the metadata request. The endpoint should fetch from http://localhost:7788/.well-known/oauth-authorization-server and return the response.
πŸ‘¨β€πŸ’Ό Thanks Kellie!
Now, please implement the metadata endpoint.
Edit
problemsolutiondiffchat

Please set the playground first

Loading "Auth Server Metadata"
Loading "Auth Server Metadata"
Login to get access to the exclusive discord channel.
  • ⚑General
    Epic MCP server not initializing
    steve ⚑:
    I am attempting to configure the Epic MCP Server per Kent's instructions here: https://www.epicai.pr...
    • βœ…2
     3 Β· 10 hours ago
  • ⚑General
    What will tomorrows MCP hosts look like?
    Paul πŸš€:
    Hi Kent,

Thanks for putting together the course, I’m really enjoying it. Im interested if you have...
    • βœ…1
     2 Β· 2 days ago
  • ⚑General
    VS Code Copilot and Epic Workshop MCP Server
    Alexandre πŸš€:
    I might have missed something, but how do we install the Epic Workshop MCP Server so we can ask Copi...
    • βœ…1
     3 Β· 3 days ago
  • 🐣MCP Fundamentals
    πŸ’ͺAdv. MCP Features
    πŸ”MCP Auth
    πŸ’»MCP UI
    What about the usage of MCP Servers for some kind of chat interacting with a local LLM?
    frankfullstack ⚑:
    I would like to raise a general question about the usage of MCP Servers and how we could interact fr...
    • βœ…1
     5 Β· 8 days ago
  • 🐣MCP Fundamentals
    ⚑General
    It'd be really cool to have a basic deployment guide.
    BeyondLimits99 ⚑:
    The course has been amazing so far! I'd love to have a basic deployment guide just so I can practice...
    • βœ…2
     3 Β· 5 days ago
  • ⚑General
    non-related question: how do you rollout updates?
    mark:
    I'm very curious to hear: How do you roll-out new updates? do you use some kind of libary?
    • βœ…1
     5 Β· 10 days ago
  • 🐣MCP Fundamentals
    ⚑General
    How do you teach the LLMs to use ResourceTemplates and ResourceTemplatesList?
    frontendwizard:
    I'm playing around with building an mcp with claude and he has a tendency to go for json for everyth...
    • βœ…1
     8 Β· 8 days ago
  • 🐣MCP Fundamentals
    ⚑General
    MCP to MCP
    Mahendra Hirapra ⚑:
    Does it possible one MCP sever connect to other MCP like chain? I would like to connect Figma MCP Se...
    • βœ…1
     4 Β· 9 days ago
  • 🐣MCP Fundamentals
    ⚑General
    When does an MCP become overkillβ€”that is, when should one avoid building one?
    Lax ⚑:
    Just wondering what scenarios to skip πŸ™‚
    • βœ…1
     2 Β· 9 days ago
  • 🐣MCP Fundamentals
    ⚑General
    πŸ’»MCP UI
    πŸ”MCP Auth
    Are the live sessions, Q&A's or will there be some lectures about concepts around MPC Stack?
    Handax ⚑:
    I’m interested in diving deeper into the Model Contexts Protocol (MCP) and was wondering if there wi...
    • βœ…1
     1 Β· 9 days ago
  • ⚑General
    Lesson lengths
    ffkml ⚑:
    I’m excited for the class to kick off next week. Planning ahead, how long should we plan for lessons...
    • πŸ‘3
    • βœ…1
     1 Β· 14 days ago