Function: checkScopes()
checkScopes(
required):void
Defined in: index.ts:248
Asserts that the current request's token contains all required scopes. Throws if any scope is missing — the MCP SDK catches this and returns a tool error to the client. Use inside tool handlers for per-tool authorization.
Accepts either scope: string (space-separated, standard JWT claim) or
scopes: string[] from verifyToken. If neither is present and required
is non-empty, throws with a descriptive message instead of a silent 403.
Parameters
| Parameter | Type |
|---|---|
required | string[] |
Returns
void
Example
server.tool('delete-user', schema, async (args) => {
checkScopes(['admin', 'write:users']);
// proceed only if caller has both scopes
});