MCP Server Framework - v1.0.0

    Interface UpstreamOAuthOptions

    interface UpstreamOAuthOptions {
        clientId: string;
        clientSecret: string;
        codeContextTtlMs?: number;
        endpoints: UpstreamEndpoints;
        mapUserInfo: (
            token: string,
            data: Record<string, unknown>,
        ) => Promise<AuthInfo>;
        pendingAuthTtlMs?: number;
        refreshTokenSupport?: boolean;
        serverUrl: string;
        tokenRequestContentType?: "form" | "json";
        upstreamAuthorizeParams?: Readonly<Record<string, string>>;
        upstreamScopes: readonly string[];
    }

    Properties

    clientId: string

    Client ID registered with the upstream OAuth provider

    clientSecret: string

    Client secret registered with the upstream OAuth provider

    codeContextTtlMs?: number

    TTL for code context (authorization code → redirect_uri mapping).

    Default: 300000 (5 minutes)

    endpoints: UpstreamEndpoints

    Upstream OAuth endpoint URLs

    mapUserInfo: (token: string, data: Record<string, unknown>) => Promise<AuthInfo>

    Map the upstream userinfo response to MCP AuthInfo.

    Called by verifyAccessToken() after fetching the userinfo endpoint. The data parameter contains the parsed JSON response from the userinfo URL.

    Type Declaration

      • (token: string, data: Record<string, unknown>): Promise<AuthInfo>
      • Parameters

        • token: string

          The access token being verified

        • data: Record<string, unknown>

          Parsed JSON response from the userinfo endpoint

        Returns Promise<AuthInfo>

        Auth info for the MCP session
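
An added example, not part of the framework's documentation or code: one way to write mapUserInfo so that the untrusted userinfo JSON is validated before it becomes session identity. The AuthInfo shape, the id/sub/login field names, and the CLIENT_ID and UPSTREAM_SCOPES constants are assumptions for illustration.

```typescript
// Local stand-in for the framework's AuthInfo type (assumed shape).
interface AuthInfo {
  token: string;
  clientId: string;
  scopes: string[];
  extra?: Record<string, unknown>;
}

// Hypothetical values mirroring the clientId and upstreamScopes options.
const CLIENT_ID = "example-client-id";
const UPSTREAM_SCOPES: readonly string[] = ["read:user"];

// Synchronous core, so the validation can be tested without a network call.
function toAuthInfo(token: string, data: Record<string, unknown>): AuthInfo {
  // `data` is untrusted JSON: each field stays `unknown` until checked.
  const rawId = data["id"] ?? data["sub"]; // field names are an assumption
  let subject: string | undefined;
  if (typeof rawId === "number" && Number.isSafeInteger(rawId)) {
    subject = String(rawId);
  } else if (typeof rawId === "string" && rawId.trim() !== "") {
    subject = rawId;
  }
  if (subject === undefined) {
    // Fail closed: no stable subject identifier, no MCP session.
    throw new Error("userinfo response has no usable subject identifier");
  }
  const rawLogin = data["login"];
  const extra: Record<string, unknown> = { subject };
  if (typeof rawLogin === "string") extra["login"] = rawLogin;
  return {
    token,
    clientId: CLIENT_ID,
    // Assumes the provider granted exactly the scopes that were requested.
    scopes: [...UPSTREAM_SCOPES],
    // Only validated fields are copied; `data` is never spread wholesale.
    extra,
  };
}

// Same signature as the mapUserInfo option documented above.
const mapUserInfo = async (
  token: string,
  data: Record<string, unknown>,
): Promise<AuthInfo> => toAuthInfo(token, data);

// Constructed sample response; `admin` is an unexpected field that must be dropped.
const sample: Record<string, unknown> = { id: 4242, login: "octo-example", admin: true };
mapUserInfo("constructed-token", sample).then((info) => console.log(info.extra));
```

Because toAuthInfo throws inside an async function, a malformed userinfo response surfaces as a rejected promise from mapUserInfo.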

    pendingAuthTtlMs?: number

    TTL for pending authorization state (upstream state → client info mapping).

    Default: 600000 (10 minutes)
    
    refreshTokenSupport?: boolean

    Whether the upstream provider supports refresh tokens. When true, exchangeRefreshToken() proxies to the token endpoint.

    Default: false
    
    serverUrl: string

    MCP server base URL (e.g. http://localhost:8000). Used as redirect_uri target.

    tokenRequestContentType?: "form" | "json"

    Content type for the token exchange request.

    • 'form': application/x-www-form-urlencoded (OAuth 2.1 standard, default)
    • 'json': application/json (used by GitHub)

    Default: 'form'
    
    upstreamAuthorizeParams?: Readonly<Record<string, string>>

    Extra query parameters appended to the upstream authorization URL. Useful for non-standard providers that need additional parameters like response_type, access_type, etc.

    Standard parameters (client_id, redirect_uri, state, scope) are set automatically and should NOT be included here.

    upstreamScopes: readonly string[]

    Scopes to request from the upstream provider (e.g. ['read:user'], ['openid', 'profile'])