Documentation / @agentick/mcp / BearerTokenAuthOptions
Interface: BearerTokenAuthOptions
Defined in: server/security/stages.ts:32
Properties
extract()?
optionalextract: (ctx) =>string|undefined
Defined in: server/security/stages.ts:54
Where to find the Authorization header. Default: ctx.metadata.headers (case-insensitive lookup). Override for non-HTTP transports or if your contextProvider stores headers differently.
Parameters
ctx
Returns
string | undefined
tokens?
optionaltokens:Record<string,UserContext>
Defined in: server/security/stages.ts:38
Static token → user map. Useful for dev, internal tools, or fixed API keys. Keys are raw token values (NOT "Bearer <token>"). Values become the resolved user context.
verify()?
optionalverify: (token) =>UserContext|Promise<UserContext|null> |null
Defined in: server/security/stages.ts:47
Custom async verifier for dynamic lookups (JWT, OAuth introspection, DB). Receives the raw token (without "Bearer " prefix). Return the resolved user on success, or null to reject.
Called only if tokens does not contain the token.
Parameters
token
string
Returns
UserContext | Promise<UserContext | null> | null