Metadata-Version: 2.4
Name: getmcpauth
Version: 0.1.0
Summary: Drop-in OAuth 2.1 + Dynamic Client Registration token verification for Python MCP servers, backed by mcpauth.
Project-URL: Homepage, https://getmcpauth.dev
Project-URL: Documentation, https://getmcpauth.dev/docs
Project-URL: Repository, https://github.com/yilmazali325/getmcpauth-python
Project-URL: Issues, https://github.com/yilmazali325/getmcpauth-python/issues
Author: mcpauth
License: MIT
License-File: LICENSE
Keywords: authentication,authorization,dynamic-client-registration,mcp,mcp-server,model-context-protocol,oauth,oauth2
Requires-Python: >=3.10
Requires-Dist: httpx>=0.27
Requires-Dist: mcp>=1.28.1
Provides-Extra: test
Requires-Dist: pytest-asyncio>=0.24; extra == 'test'
Requires-Dist: pytest>=8.0; extra == 'test'
Requires-Dist: respx>=0.21; extra == 'test'
Description-Content-Type: text/markdown

# getmcpauth

[![PyPI version](https://img.shields.io/pypi/v/getmcpauth.svg)](https://pypi.org/project/getmcpauth/)
[![license](https://img.shields.io/pypi/l/getmcpauth.svg)](https://github.com/yilmazali325/getmcpauth-python/blob/main/LICENSE)

Drop-in OAuth 2.1 + Dynamic Client Registration ([RFC 7591](https://www.rfc-editor.org/rfc/rfc7591)) token verification for Python MCP servers, backed by [mcpauth](https://getmcpauth.dev).

Implements the official [`mcp`](https://pypi.org/project/mcp/) SDK's `TokenVerifier` protocol — the official SDK ships a full bearer-auth middleware stack (`BearerAuthBackend`, `RequireAuthMiddleware`) but no ready-made verifier that actually checks a token against a real authorization server. This package is that verifier.

## Install

```
pip install getmcpauth
```

## Usage

```python
import os
from mcp.server.fastmcp import FastMCP
from getmcpauth import McpAuthTokenVerifier, build_auth_settings

mcp = FastMCP(
    "my-server",
    token_verifier=McpAuthTokenVerifier(
        "https://getmcpauth.dev/api/oauth/introspect",
        registration_secret=os.environ["MCPAUTH_SECRET"],
    ),
    auth=build_auth_settings(
        "https://getmcpauth.dev",
        resource_server_url="https://my-server.example.com",
    ),
)
```

Get a `registration_secret` by creating a project at [getmcpauth.dev/dashboard](https://getmcpauth.dev/dashboard).

## API

- **`McpAuthTokenVerifier`** — implements `mcp.server.auth.provider.TokenVerifier`. Successful verifications are cached in-process (default 30s) so a chatty agent conversation doesn't trigger a network round trip on every tool call.
- **`build_auth_settings(issuer_url, *, resource_server_url, required_scopes=None)`** — builds an `AuthSettings` for `FastMCP` with Dynamic Client Registration enabled.
- **`required_scope_for_call(body)` / `is_authorized(required_scope, granted_scopes)` / `check_batch(bodies, granted_scopes)`** — helpers for MCP-native tool scoping (`tool:<name>` scope strings mapped directly to `tools/call` requests).

Full docs: [getmcpauth.dev/docs](https://getmcpauth.dev/docs)

## Development

```
pip install -e ".[test]"
pytest
```

## License

MIT
