Function: getWwwAuthenticateHeader()
getWwwAuthenticateHeader(
args):string
Defined in: index.ts:779
Returns the WWW-Authenticate header value for a 401 response on a
protected resource, following the MCP auth spec requirement that
unauthorized responses advertise the resource metadata URL so MCP
clients can bootstrap OAuth discovery.
Use this in your own auth middleware when you are not using the built-in
auth option on createMcpRouter.
Parameters
| Parameter | Type | Description |
|---|---|---|
args | { resource: string; } | - |
args.resource | string | The resource server URL. The metadata URL is derived as <resource>/.well-known/oauth-protected-resource per RFC 9728. |
Returns
string
Example
import { getWwwAuthenticateHeader } from '@ttoss/http-server-mcp';
// Inside a Koa middleware
ctx.status = 401;
ctx.set('WWW-Authenticate', getWwwAuthenticateHeader({ resource: 'https://mcp.example.com' }));