Function: getWwwAuthenticateHeader()
getWwwAuthenticateHeader(
args):string
Defined in: auth-core/src/oauthServer.ts:512
Returns the WWW-Authenticate header value for a 401 response on a protected
resource, advertising the RFC 9728 resource-metadata URL so OAuth/MCP clients
can bootstrap discovery.
Parameters
| Parameter | Type | Description |
|---|---|---|
args | { resource: string; } | - |
args.resource | string | The resource server URL. The metadata URL is derived as <resource>/.well-known/oauth-protected-resource per RFC 9728. |
Returns
string
Example
getWwwAuthenticateHeader({ resource: 'https://mcp.example.com' });
// => 'Bearer resource_metadata="https://mcp.example.com/.well-known/oauth-protected-resource"'