Documentation / @agentick/mcp / bearerTokenAuth

Function: bearerTokenAuth()

bearerTokenAuth(options): Authenticator

Defined in: server/security/stages.ts:82

Bearer token authenticator. Reads the Authorization header from the request context, extracts the token, and resolves it to a user.

Requires your contextProvider to place headers (or the token itself) on ctx.metadata. The default extractor looks for ctx.metadata.headers.authorization (case-insensitive).

const server = new MCPServer({
  ...,
  contextProvider: async (extra) => ({
    metadata: { headers: extra.requestInfo?.headers ?? {} },
  }),
  security: {
    authenticator: bearerTokenAuth({
      verify: async (token) => {
        const claims = await verifyJwt(token);
        return { id: claims.sub, roles: claims.roles };
      },
    }),
  },
});

Parameters

options

BearerTokenAuthOptions

Returns

Authenticator