ExMCP.Authorization.ProtectedResourceMetadata (ex_mcp v0.9.2)

OAuth 2.0 Protected Resource Metadata Discovery (RFC 9728 - Draft).

This module implements the discovery mechanism for protected resources to advertise their authorization server relationships. This allows MCP servers to indicate which authorization servers protect their resources.

Example

# Discover authorization servers for a protected resource
{:ok, metadata} = ProtectedResourceMetadata.discover("https://api.example.com/mcp")

# Use discovered authorization server
[auth_server | _] = metadata.authorization_servers
{:ok, auth_metadata} = Authorization.discover_server_metadata(auth_server.issuer)

Summary

Types

authorization_server()

metadata()

www_authenticate_info()

Functions

discover(resource_url)

Discovers protected resource metadata from the resource URL.

parse_www_authenticate(header)

Parses WWW-Authenticate header for authorization information.