ExMCP.Authorization.AuthorizationServerMetadata (ex_mcp v0.10.0)


OAuth 2.1 Authorization Server Metadata Discovery (RFC 8414).

This module implements the authorization server metadata discovery mechanism as specified in RFC 8414. It provides the /.well-known/oauth-authorization-server endpoint that returns authorization server capabilities and configuration.

Example

# Generate metadata from application configuration
metadata = AuthorizationServerMetadata.build_metadata()

# Metadata includes required fields like issuer, endpoints, and capabilities
%{
  "issuer" => "https://auth.example.com",
  "authorization_endpoint" => "https://auth.example.com/authorize",
  "token_endpoint" => "https://auth.example.com/token",
  "scopes_supported" => ["mcp:read", "mcp:write"],
  "response_types_supported" => ["code"],
  "grant_types_supported" => ["authorization_code"]
}

Summary

Functions

build_metadata()

Builds the authorization server metadata from application configuration.

validate_config()

Validates that the authorization server metadata configuration is complete.

Types

metadata()

@type metadata() :: %{required(String.t()) => term()}

Functions

build_metadata()

@spec build_metadata() :: metadata()

Builds the authorization server metadata from application configuration.

Returns a map containing the authorization server metadata as specified in RFC 8414. The metadata includes both required and optional fields based on the application's OAuth configuration.

Required Fields (RFC 8414)

  • issuer: The authorization server issuer identifier
  • authorization_endpoint: URL of the authorization endpoint
  • token_endpoint: URL of the token endpoint

Optional Fields

  • jwks_uri: URL of the JWK Set document
  • scopes_supported: List of supported OAuth 2.0 scopes
  • response_types_supported: List of supported response types
  • grant_types_supported: List of supported grant types
  • code_challenge_methods_supported: List of supported PKCE methods
  • introspection_endpoint: URL of the token introspection endpoint
  • revocation_endpoint: URL of the token revocation endpoint

Examples

iex> AuthorizationServerMetadata.build_metadata()
%{
  "issuer" => "https://auth.example.com",
  "authorization_endpoint" => "https://auth.example.com/authorize",
  "token_endpoint" => "https://auth.example.com/token",
  "scopes_supported" => ["mcp:read", "mcp:write"],
  "response_types_supported" => ["code"],
  "grant_types_supported" => ["authorization_code"]
}

validate_config()

@spec validate_config() :: :ok | {:error, term()}

Validates that the authorization server metadata configuration is complete.

Checks that all required fields are present in the application configuration and returns :ok if valid, or {:error, reason} if configuration is missing or invalid.

Examples

iex> AuthorizationServerMetadata.validate_config()
:ok

iex> AuthorizationServerMetadata.validate_config()
{:error, {:missing_required_field, :issuer}}
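
The counterpart check on the consuming side, as an added example that is not part of ex_mcp or its documentation: a client that fetches the metadata document described above can verify it before trusting any endpoint in it. The module name MetadataCheck, its error tuples, and the sample map are assumptions made for illustration.

```elixir
# Added example: MetadataCheck is a hypothetical module, not part of ex_mcp.
defmodule MetadataCheck do
  @required ~w(issuer authorization_endpoint token_endpoint)
  @url_keys @required ++ ~w(jwks_uri introspection_endpoint revocation_endpoint)

  # expected_issuer (assumption): the issuer URL the client was configured with.
  def check(metadata, expected_issuer) when is_map(metadata) do
    with :ok <- required_present(metadata),
         :ok <- issuer_matches(metadata["issuer"], expected_issuer),
         :ok <- https_only(metadata) do
      pkce_s256(metadata)
    end
  end

  defp required_present(metadata) do
    missing = Enum.find(@required, &(not is_binary(metadata[&1])))
    if missing, do: {:error, {:missing_field, missing}}, else: :ok
  end

  # RFC 8414, section 3.3: issuer must equal the one the well-known URL was built from.
  defp issuer_matches(issuer, issuer), do: :ok
  defp issuer_matches(issuer, _expected), do: {:error, {:issuer_mismatch, issuer}}

  # Every advertised URL must be an absolute https URL with a host.
  defp https_only(metadata) do
    bad = Enum.find(@url_keys, &(Map.has_key?(metadata, &1) and not https?(metadata[&1])))
    if bad, do: {:error, {:not_https, bad}}, else: :ok
  end

  defp https?(url) do
    is_binary(url) and match?(%URI{scheme: "https", host: <<_, _::binary>>}, URI.parse(url))
  end

  # RFC 8414: if code_challenge_methods_supported is omitted, PKCE is unsupported.
  defp pkce_s256(metadata) do
    methods = metadata["code_challenge_methods_supported"]
    if is_list(methods) and "S256" in methods, do: :ok, else: {:error, :no_pkce_s256}
  end
end

# Constructed sample document, not captured from a real server.
good = %{
  "issuer" => "https://auth.example.com",
  "authorization_endpoint" => "https://auth.example.com/authorize",
  "token_endpoint" => "https://auth.example.com/token",
  "code_challenge_methods_supported" => ["S256"]
}
IO.inspect(MetadataCheck.check(good, "https://auth.example.com"))
IO.inspect(MetadataCheck.check(good, "https://other.example.com"))
IO.inspect(MetadataCheck.check(Map.delete(good, "code_challenge_methods_supported"), "https://auth.example.com"))
```

The checks run in order and stop at the first failure, so an issuer mismatch is reported before any endpoint URL is inspected.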