pub struct McpServerAuthRequiredState {
pub reason: McpAuthRequiredReason,
pub resource: ProtectedResourceMetadata,
pub required_scopes: Option<Vec<String>>,
pub description: Option<String>,
}Expand description
Server is reachable but cannot serve requests until the client authenticates. Mirrors the discovery flow defined by RFC 9728 (Protected Resource Metadata) and the OAuth 2.1 / RFC 6750 challenge semantics required by the MCP authorization spec.
Clients react to this state by calling the existing authenticate
command with the {@link ProtectedResourceMetadata.resource | resource}
carried here. There is no notify/authRequired notification for
MCP servers — the action stream is the single source of truth.
When the transition is triggered by a request issued during a turn
— most commonly
{@link McpAuthRequiredReason.InsufficientScope | InsufficientScope}
surfacing mid-tool-call — the host SHOULD also raise
{@link SessionStatus.InputNeeded} on the session so the block is
visible at the summary level. Clients SHOULD watch this status on
any MCP server backing a running tool call and surface an explicit
affordance (e.g. a “grant additional access” prompt) tied to that
tool call, rather than relying on the user to notice the
customization’s status badge.
Fields§
§reason: McpAuthRequiredReasonWhy authentication is required.
resource: ProtectedResourceMetadataRFC 9728 Protected Resource Metadata. The resource field is the
canonical MCP server URI per RFC 8707, used as the OAuth resource
indicator. authorization_servers is REQUIRED by the MCP
authorization spec.
required_scopes: Option<Vec<String>>Scopes required for the current challenge, parsed from the
WWW-Authenticate: Bearer scope="…" header (or scopes_supported
fallback). Authoritative for the next authorization request — clients
MUST NOT assume any subset/superset relationship to
resource.scopes_supported.
description: Option<String>Human-readable hint, typically from the OAuth error_description.
Trait Implementations§
Source§impl Clone for McpServerAuthRequiredState
impl Clone for McpServerAuthRequiredState
Source§fn clone(&self) -> McpServerAuthRequiredState
fn clone(&self) -> McpServerAuthRequiredState
1.0.0 (const: unstable) · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source. Read moreSource§impl Debug for McpServerAuthRequiredState
impl Debug for McpServerAuthRequiredState
Source§impl<'de> Deserialize<'de> for McpServerAuthRequiredState
impl<'de> Deserialize<'de> for McpServerAuthRequiredState
Source§fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
Source§impl PartialEq for McpServerAuthRequiredState
impl PartialEq for McpServerAuthRequiredState
Source§fn eq(&self, other: &McpServerAuthRequiredState) -> bool
fn eq(&self, other: &McpServerAuthRequiredState) -> bool
self and other values to be equal, and is used by ==.