Skip to main content

AuthorizedServer

mcp_authorization::server

Struct AuthorizedServer 

Source 
pub struct AuthorizedServer<S: ServerHandler, A = NoAuth> { /* private fields */ }
Expand description

A ServerHandler wrapper that adds authorization-based schema shaping.

Wraps any inner ServerHandler and intercepts list_tools / call_tool to filter tools and shape schemas based on the request’s AuthContext.

§Compile-time guarantee

In the spirit of Proof<C> — which makes skipping a capability check uncompilable — forgetting to wire authentication is a build error, not a runtime panic. ServerHandler is implemented only for AuthorizedServer<S, Authorized<P>>, so a server with no auth source chosen cannot be served:

use mcp_authorization::AuthorizedServer;
use rmcp::handler::server::ServerHandler;
use rmcp::model::{ServerInfo, ServerCapabilities, Implementation};

struct Inner;
impl ServerHandler for Inner {
    fn get_info(&self) -> ServerInfo {
        ServerInfo::new(ServerCapabilities::builder().enable_tools().build())
            .with_server_info(Implementation::new("inner", "0.0.0"))
    }
}
fn requires_handler<T: ServerHandler>(_: T) {}

// No auth source chosen → not a ServerHandler → does not compile.
requires_handler(AuthorizedServer::new(Inner));

Choosing an auth source makes it servable:

use mcp_authorization::AuthorizedServer;
use rmcp::handler::server::ServerHandler;
use rmcp::model::{ServerInfo, ServerCapabilities, Implementation};

struct Inner;
impl ServerHandler for Inner {
    fn get_info(&self) -> ServerInfo {
        ServerInfo::new(ServerCapabilities::builder().enable_tools().build())
            .with_server_info(Implementation::new("inner", "0.0.0"))
    }
}
fn requires_handler<T: ServerHandler>(_: T) {}

// deny_by_default() (or with_auth(..)) yields a real ServerHandler.
requires_handler(AuthorizedServer::new(Inner).deny_by_default());

Implementations§

Source§

impl<S: ServerHandler> AuthorizedServer<S, NoAuth>

Source

pub fn new(inner: S) -> Self

Start building an authorized server. No auth source is chosen yet, so the result is not yet a ServerHandler — call with_auth or deny_by_default.

Source§

impl<S: ServerHandler, A> AuthorizedServer<S, A>

Source

pub fn register<I, O>( self, name: impl Into<String>, description: impl Into<String>, ) -> Self
where I: JsonSchema + AuthSchemaMetadata + DeserializeOwned + 'static, O: JsonSchema + AuthSchemaMetadata + Serialize + 'static,

Register a tool with typed input/output for schema generation and authorization metadata.

Source

pub fn authorize(self, tool_name: &str, capability: &'static str) -> Self

Set tool-level authorization for a named tool. The tool is hidden from list_tools if the request’s AuthContext lacks this capability.

Source

pub fn with_auth<P: AuthProvider>( self, provider: P, ) -> AuthorizedServer<S, Authorized<P>>

Choose an explicit auth source. Required before serving any network transport. Transitions the server into the servable Authorized state.

provider is anything implementing AuthProvider, including a closure Fn(&RequestContext<RoleServer>) -> AuthContext.

Source

pub fn deny_by_default(self) -> AuthorizedServer<S, Authorized<DenyByDefault>>

Install DenyByDefault: use an AuthContext injected by middleware if present, otherwise resolve to AuthContext::empty.

The ergonomic choice for stdio / local / dev: the server is immediately servable and an unauthenticated client sees the least-privileged view (only ungated tools) rather than an error.

Source

pub fn inner(&self) -> &S

Get a reference to the inner handler.

Source

pub fn registry(&self) -> &AuthToolRegistry

Get a reference to the authorization registry.

Trait Implementations§

Source§

impl<S: ServerHandler, P: AuthProvider + 'static> ServerHandler for AuthorizedServer<S, Authorized<P>>

Source§

fn get_info(&self) -> ServerInfo

Source§

fn list_tools( &self, _request: Option<PaginatedRequestParams>, context: RequestContext<RoleServer>, ) -> impl Future<Output = Result<ListToolsResult, McpError>> + MaybeSendFuture + '_

Source§

fn call_tool( &self, request: CallToolRequestParams, context: RequestContext<RoleServer>, ) -> impl Future<Output = Result<CallToolResult, McpError>> + MaybeSendFuture + '_

Source§

fn initialize( &self, request: InitializeRequestParams, context: RequestContext<RoleServer>, ) -> impl Future<Output = Result<InitializeResult, McpError>> + MaybeSendFuture + '_

Source§

fn ping( &self, context: RequestContext<RoleServer>, ) -> impl Future<Output = Result<(), McpError>> + MaybeSendFuture + '_

Source§

fn complete( &self, request: CompleteRequestParams, context: RequestContext<RoleServer>, ) -> impl Future<Output = Result<CompleteResult, McpError>> + MaybeSendFuture + '_

Source§

fn set_level( &self, request: SetLevelRequestParams, context: RequestContext<RoleServer>, ) -> impl Future<Output = Result<(), McpError>> + MaybeSendFuture + '_

Source§

fn get_prompt( &self, request: GetPromptRequestParams, context: RequestContext<RoleServer>, ) -> impl Future<Output = Result<GetPromptResult, McpError>> + MaybeSendFuture + '_

Source§

fn list_prompts( &self, request: Option<PaginatedRequestParams>, context: RequestContext<RoleServer>, ) -> impl Future<Output = Result<ListPromptsResult, McpError>> + MaybeSendFuture + '_

Source§

fn list_resources( &self, request: Option<PaginatedRequestParams>, context: RequestContext<RoleServer>, ) -> impl Future<Output = Result<ListResourcesResult, McpError>> + MaybeSendFuture + '_

Source§

fn list_resource_templates( &self, request: Option<PaginatedRequestParams>, context: RequestContext<RoleServer>, ) -> impl Future<Output = Result<ListResourceTemplatesResult, McpError>> + MaybeSendFuture + '_

Source§

fn read_resource( &self, request: ReadResourceRequestParams, context: RequestContext<RoleServer>, ) -> impl Future<Output = Result<ReadResourceResult, McpError>> + MaybeSendFuture + '_

Source§

fn subscribe( &self, request: SubscribeRequestParams, context: RequestContext<RoleServer>, ) -> impl Future<Output = Result<(), McpError>> + MaybeSendFuture + '_

Source§

fn unsubscribe( &self, request: UnsubscribeRequestParams, context: RequestContext<RoleServer>, ) -> impl Future<Output = Result<(), McpError>> + MaybeSendFuture + '_

Source§

fn get_tool(&self, name: &str) -> Option<Tool>

Get a tool definition by name. Read more
Source§

fn on_custom_request( &self, request: CustomRequest, context: RequestContext<RoleServer>, ) -> impl Future<Output = Result<CustomResult, McpError>> + MaybeSendFuture + '_

Source§

fn on_cancelled( &self, notification: CancelledNotificationParam, context: NotificationContext<RoleServer>, ) -> impl Future<Output = ()> + MaybeSendFuture + '_

Source§

fn on_progress( &self, notification: ProgressNotificationParam, context: NotificationContext<RoleServer>, ) -> impl Future<Output = ()> + MaybeSendFuture + '_

Source§

fn on_initialized( &self, context: NotificationContext<RoleServer>, ) -> impl Future<Output = ()> + MaybeSendFuture + '_

Source§

fn on_roots_list_changed( &self, context: NotificationContext<RoleServer>, ) -> impl Future<Output = ()> + MaybeSendFuture + '_

Source§

fn on_custom_notification( &self, notification: CustomNotification, context: NotificationContext<RoleServer>, ) -> impl Future<Output = ()> + MaybeSendFuture + '_

Source§

fn enqueue_task( &self, request: CallToolRequestParams, context: RequestContext<RoleServer>, ) -> impl Future<Output = Result<CreateTaskResult, McpError>> + MaybeSendFuture + '_

Source§

fn list_tasks( &self, request: Option<PaginatedRequestParams>, context: RequestContext<RoleServer>, ) -> impl Future<Output = Result<ListTasksResult, McpError>> + MaybeSendFuture + '_

Source§

fn get_task_info( &self, request: GetTaskInfoParams, context: RequestContext<RoleServer>, ) -> impl Future<Output = Result<GetTaskResult, McpError>> + MaybeSendFuture + '_

Source§

fn get_task_result( &self, request: GetTaskResultParams, context: RequestContext<RoleServer>, ) -> impl Future<Output = Result<GetTaskPayloadResult, McpError>> + MaybeSendFuture + '_

Source§

fn cancel_task( &self, request: CancelTaskParams, context: RequestContext<RoleServer>, ) -> impl Future<Output = Result<CancelTaskResult, McpError>> + MaybeSendFuture + '_

Auto Trait Implementations§

§

impl<S, A> Freeze for AuthorizedServer<S, A>
where S: Freeze, A: Freeze,

§

impl<S, A> RefUnwindSafe for AuthorizedServer<S, A>
where S: RefUnwindSafe, A: RefUnwindSafe,

§

impl<S, A> Send for AuthorizedServer<S, A>
where A: Send,

§

impl<S, A> Sync for AuthorizedServer<S, A>
where A: Sync,

§

impl<S, A> Unpin for AuthorizedServer<S, A>
where S: Unpin, A: Unpin,

§

impl<S, A> UnsafeUnpin for AuthorizedServer<S, A>
where S: UnsafeUnpin, A: UnsafeUnpin,

§

impl<S, A> UnwindSafe for AuthorizedServer<S, A>
where S: UnwindSafe, A: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<R, S> DynService<R> for S
where R: ServiceRole, S: Service<R>,

Source§

fn handle_request( &self, request: <R as ServiceRole>::PeerReq, context: RequestContext<R>, ) -> Pin<Box<dyn Future<Output = Result<<R as ServiceRole>::Resp, ErrorData>> + Send + '_>>

Source§

fn handle_notification( &self, notification: <R as ServiceRole>::PeerNot, context: NotificationContext<R>, ) -> Pin<Box<dyn Future<Output = Result<(), ErrorData>> + Send + '_>>

Source§

fn get_info(&self) -> <R as ServiceRole>::Info

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<H> Service<RoleServer> for H
where H: ServerHandler,

Source§

async fn handle_request( &self, request: <RoleServer as ServiceRole>::PeerReq, context: RequestContext<RoleServer>, ) -> Result<<RoleServer as ServiceRole>::Resp, ErrorData>

Source§

async fn handle_notification( &self, notification: <RoleServer as ServiceRole>::PeerNot, context: NotificationContext<RoleServer>, ) -> Result<(), ErrorData>

Source§

fn get_info(&self) -> <RoleServer as ServiceRole>::Info

Source§

impl<S> ServiceExt<RoleServer> for S
where S: Service<RoleServer>,

Source§

fn serve_with_ct<T, E, A>( self, transport: T, ct: CancellationToken, ) -> impl Future<Output = Result<RunningService<RoleServer, S>, ServerInitializeError>> + MaybeSendFuture
where T: IntoTransport<RoleServer, E, A>, E: Error + Send + Sync + 'static,

Source§

fn into_dyn(self) -> Box<dyn DynService<R>>

Convert this service to a dynamic boxed service Read more
Source§

fn serve<T, E, A>( self, transport: T, ) -> impl Future<Output = Result<RunningService<R, Self>, <R as ServiceRole>::InitializeError>> + MaybeSendFuture
where T: IntoTransport<R, E, A>, E: Error + Send + Sync + 'static, Self: Sized,

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more