Skip to main content

Function: checkScopes()

checkScopes(required): void

Defined in: index.ts:248

Asserts that the current request's token contains all required scopes. Throws if any scope is missing — the MCP SDK catches this and returns a tool error to the client. Use inside tool handlers for per-tool authorization.

Accepts either scope: string (space-separated, standard JWT claim) or scopes: string[] from verifyToken. If neither is present and required is non-empty, throws with a descriptive message instead of a silent 403.

Parameters

ParameterType
requiredstring[]

Returns

void

Example

server.tool('delete-user', schema, async (args) => {
checkScopes(['admin', 'write:users']);
// proceed only if caller has both scopes
});