pub trait AuthProvider: Send + Sync {
// Required methods
fn verify_token<'life0, 'async_trait>(
&'life0 self,
access_token: String,
) -> Pin<Box<dyn Future<Output = Result<AuthInfo, AuthenticationError>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait;
fn auth_endpoints(&self) -> Option<&HashMap<String, OauthEndpoint>>;
fn handle_request<'life0, 'life1, 'async_trait>(
&'life0 self,
request: Request<&'life1 str>,
state: Arc<McpAppState>,
) -> Pin<Box<dyn Future<Output = Result<Response<GenericBody>, TransportServerError>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait;
fn protected_resource_metadata_url(&self) -> Option<&str>;
// Provided methods
fn required_scopes(&self) -> Option<&Vec<String>> { ... }
fn endpoint_type(&self, request: &Request<&str>) -> Option<&OauthEndpoint> { ... }
fn validate_allowed_methods(
&self,
endpoint: &OauthEndpoint,
method: &Method,
) -> Option<Response<GenericBody>> { ... }
}Required Methods§
fn verify_token<'life0, 'async_trait>(
&'life0 self,
access_token: String,
) -> Pin<Box<dyn Future<Output = Result<AuthInfo, AuthenticationError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
Sourcefn auth_endpoints(&self) -> Option<&HashMap<String, OauthEndpoint>>
fn auth_endpoints(&self) -> Option<&HashMap<String, OauthEndpoint>>
Returns the configured OAuth endpoints for this provider.
- Key: endpoint path as a string (e.g., “/oauth/token”)
- Value: corresponding
OauthEndpointconfiguration
Returns None if no endpoints are configured.
Sourcefn handle_request<'life0, 'life1, 'async_trait>(
&'life0 self,
request: Request<&'life1 str>,
state: Arc<McpAppState>,
) -> Pin<Box<dyn Future<Output = Result<Response<GenericBody>, TransportServerError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
fn handle_request<'life0, 'life1, 'async_trait>(
&'life0 self,
request: Request<&'life1 str>,
state: Arc<McpAppState>,
) -> Pin<Box<dyn Future<Output = Result<Response<GenericBody>, TransportServerError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
'life1: 'async_trait,
Handles an incoming HTTP request for this authentication provider.
This is the main entry point for processing OAuth requests, such as token issuance, authorization code exchange, or revocation.
Sourcefn protected_resource_metadata_url(&self) -> Option<&str>
fn protected_resource_metadata_url(&self) -> Option<&str>
Returns the absolute URL of this resource’s OAuth 2.0 Protected Resource Metadata document.
This corresponds to the resource_metadata parameter defined in
RFC 9531 - OAuth 2.0 Protected Resource Metadata.
The returned URL is an absolute URL (including scheme and host), for example:
https://api.example.com/.well-known/oauth-protected-resource.
Provided Methods§
Sourcefn required_scopes(&self) -> Option<&Vec<String>>
fn required_scopes(&self) -> Option<&Vec<String>>
Returns an optional list of scopes required to access this resource.
If this function returns Some(scopes), the authenticated user’s token
must include all of the listed scopes.
If any are missing, the request will be rejected with a 403 Forbidden response.
Sourcefn endpoint_type(&self, request: &Request<&str>) -> Option<&OauthEndpoint>
fn endpoint_type(&self, request: &Request<&str>) -> Option<&OauthEndpoint>
Returns the OauthEndpoint associated with the given request path.
This method looks up the request URI path in the endpoints returned by auth_endpoints().
⚠️ Note:
- If your token and revocation endpoints share the same URL path (valid in some implementations),
you may want to override this method to correctly distinguish the request type
(e.g., based on request parameters like
grant_typevstoken).