Skip to main content

OAuthServer

fastmcp_server::oauth

Struct OAuthServer 

Source 
pub struct OAuthServer { /* private fields */ }
Expand description

OAuth 2.0/2.1 authorization server.

This server implements the OAuth 2.0 authorization code flow with PKCE, which is required for OAuth 2.1 compliance.

Implementations§

Source§

impl OAuthServer

Source

pub fn new(config: OAuthServerConfig) -> Self

Creates a new OAuth server with the given configuration.

Source

pub fn with_defaults() -> Self

Creates a new OAuth server with default configuration.

Source

pub fn config(&self) -> &OAuthServerConfig

Returns the server configuration.

Source

pub fn register_client(&self, client: OAuthClient) -> Result<(), OAuthError>

Registers a new OAuth client.

§Errors

Returns an error if:

  • A client with the same ID already exists
  • Public clients are not allowed and the client has no secret
Source

pub fn unregister_client(&self, client_id: &str) -> Result<(), OAuthError>

Unregisters an OAuth client.

This also revokes all tokens issued to the client.

Source

pub fn get_client(&self, client_id: &str) -> Option<OAuthClient>

Gets a registered client by ID.

Source

pub fn list_clients(&self) -> Vec<OAuthClient>

Lists all registered clients.

Source

pub fn authorize( &self, request: &AuthorizationRequest, subject: Option<String>, ) -> Result<(String, String), OAuthError>

Validates an authorization request and creates an authorization code.

This is called after the resource owner has authenticated and approved the authorization request.

§Arguments
  • request - The authorization request parameters
  • subject - The authenticated user’s identifier (optional)
§Returns

Returns the authorization code and redirect URI on success.

Source

pub fn token(&self, request: &TokenRequest) -> Result<TokenResponse, OAuthError>

Exchanges an authorization code or refresh token for tokens.

Source

pub fn revoke( &self, token: &str, client_id: &str, client_secret: Option<&str>, ) -> Result<(), OAuthError>

Revokes a token (access or refresh).

Per RFC 7009, this always returns success even if the token was not found.

Source

pub fn validate_access_token(&self, token: &str) -> Option<OAuthToken>

Validates an access token and returns its metadata.

This is used internally and by the OAuthTokenVerifier.

Source

pub fn token_verifier(self: &Arc<Self>) -> OAuthTokenVerifier

Creates a token verifier for use with MCP [TokenAuthProvider].

Source

pub fn cleanup_expired(&self)

Removes expired tokens and authorization codes.

Call this periodically to prevent memory growth.

Source

pub fn stats(&self) -> OAuthServerStats

Returns statistics about the server state.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, _span: NoopSpan) -> Self

Instruments this future with a span (no-op when disabled).
Source§

fn in_current_span(self) -> Self

Instruments this future with the current span (no-op when disabled).
Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more