hub / github.com/modelcontextprotocol/python-sdk / create_auth_routes

Function create_auth_routes

src/mcp/server/auth/routes.py:64–142  ·  view source on GitHub ↗
(
    provider: OAuthAuthorizationServerProvider[Any, Any, Any],
    issuer_url: AnyHttpUrl,
    service_documentation_url: AnyHttpUrl | None = None,
    client_registration_options: ClientRegistrationOptions | None = None,
    revocation_options: RevocationOptions | None = None,
)

Source from the content-addressed store, hash-verified

64def create_auth_routes(
65 provider: OAuthAuthorizationServerProvider[Any, Any, Any],
66 issuer_url: AnyHttpUrl,
67 service_documentation_url: AnyHttpUrl | None = None,
68 client_registration_options: ClientRegistrationOptions | None = None,
69 revocation_options: RevocationOptions | None = None,
70) -> list[Route]:
71 validate_issuer_url(issuer_url)
72
73 client_registration_options = client_registration_options or ClientRegistrationOptions()
74 revocation_options = revocation_options or RevocationOptions()
75 metadata = build_metadata(
76 issuer_url,
77 service_documentation_url,
78 client_registration_options,
79 revocation_options,
80 )
81 client_authenticator = ClientAuthenticator(provider)
82
83 # Create routes
84 # Allow CORS requests for endpoints meant to be hit by the OAuth client
85 # (with the client secret). This is intended to support things like MCP Inspector,
86 # where the client runs in a web browser.
87 routes = [
88 Route(
89 "/.well-known/oauth-authorization-server",
90 endpoint=cors_middleware(
91 MetadataHandler(metadata).handle,
92 ["GET", "OPTIONS"],
93 ),
94 methods=["GET", "OPTIONS"],
95 ),
96 Route(
97 AUTHORIZATION_PATH,
98 # do not allow CORS for authorization endpoint;
99 # clients should just redirect to this
100 endpoint=AuthorizationHandler(provider).handle,
101 methods=["GET", "POST"],
102 ),
103 Route(
104 TOKEN_PATH,
105 endpoint=cors_middleware(
106 TokenHandler(provider, client_authenticator).handle,
107 ["POST", "OPTIONS"],
108 ),
109 methods=["POST", "OPTIONS"],
110 ),
111 ]
112
113 if client_registration_options.enabled: # pragma: no branch
114 registration_handler = RegistrationHandler(
115 provider,
116 options=client_registration_options,
117 )
118 routes.append(
119 Route(
120 REGISTRATION_PATH,
121 endpoint=cors_middleware(

Callers 5

sse_appMethod · 0.90
streamable_http_appMethod · 0.90
auth_appFunction · 0.90
appFunction · 0.90

Calls 11

RevocationOptionsClass · 0.90
ClientAuthenticatorClass · 0.90
MetadataHandlerClass · 0.90
TokenHandlerClass · 0.90
RegistrationHandlerClass · 0.90
RevocationHandlerClass · 0.90
validate_issuer_urlFunction · 0.85
build_metadataFunction · 0.85
cors_middlewareFunction · 0.85

Tested by 2

auth_appFunction · 0.72
appFunction · 0.72