Class: Mcp::OauthMetadataController

Inherits:

ActionController::Base

• Object
• ActionController::Base
• Mcp::OauthMetadataController

Defined in:

app/controllers/mcp/oauth_metadata_controller.rb

Instance Method Summary

• #protected_resource ⇒ Object

  RFC 9728 - OAuth 2.0 Protected Resource Metadata Claude Desktop fetches this to discover which authorization server protects this MCP resource.

• #show ⇒ Object

  RFC 8414 - OAuth 2.0 Authorization Server Metadata.

Instance Method Details

#protected_resource ⇒ Object

RFC 9728 - OAuth 2.0 Protected Resource Metadata
Claude Desktop fetches this to discover which authorization server
protects this MCP resource.

# File 'app/controllers/mcp/oauth_metadata_controller.rb', line 47

def protected_resource
  base_url = "#{request.protocol}#{request.host_with_port}"

  metadata = {
    resource: base_url,
    authorization_servers: [base_url],
    bearer_methods_supported: %w[header],
    scopes_supported: %w[mcp]
  }

  render json: metadata
end

#show ⇒ Object

RFC 8414 - OAuth 2.0 Authorization Server Metadata

# File 'app/controllers/mcp/oauth_metadata_controller.rb', line 26

def show
  base_url = "#{request.protocol}#{request.host_with_port}"

  metadata = {
    issuer: base_url,
    authorization_endpoint: "#{base_url}/oauth/authorize",
    token_endpoint: "#{base_url}/oauth/token",
    revocation_endpoint: "#{base_url}/oauth/revoke",
    response_types_supported: %w[code],
    grant_types_supported: %w[authorization_code],
    code_challenge_methods_supported: %w[S256],
    token_endpoint_auth_methods_supported: %w[none client_secret_basic client_secret_post],
    scopes_supported: %w[mcp]
  }

  render json: metadata
end