OAuth support added to MCP Adapter

1 min read

Secure your MCP servers with OAuth using version 1.0.0 of the MCP Adapter, which now includes official support for the MCP Authorization spec. This release introduces:

  • Helper functions for OAuth-compliant authorization flows

  • A new withMcpAuth wrapper for securing routes

  • One-click deployable examples with popular auth providers like Better Auth, Clerk, Descope, Stytch, and WorkOS

Here’s an example of how to integrate auth in your MCP server:

app/[transport]/route.ts
import { createMcpHandler, withMcpAuth } from 'mcp-handler';
const handler = createMcpHandler((server) => {
server.tool(
'roll_dice',
'Rolls an N-sided die',
{ sides: z.number().int().min(2) },
async ({ sides }) => {
const value = 1 + Math.floor(Math.random() * sides);
return { content: [{ type: 'text', text: `🎲 You rolled a ${value}!` }] };
}
);
})
const verifyToken = async (
req: Request,
bearerToken?: string,
) => {
if (!bearerToken) return undefined;
const isValid = bearerToken === '123';
if (!isValid) return undefined;
return {
token: bearerToken,
scopes: ['read:stuff'],
clientId: 'client123',
};
};
const authHandler = withMcpAuth(handler, verifyToken, {
required: true,
});
export { authHandler as GET, authHandler as POST };

Additionally, use the protectedResourceHandler to expose resource server metadata for compliant clients. Learn more in the MCP Auth documentation.

Start building secure MCP servers

Deploy an example MCP server by cloning our Next.js MCP template, or explore starter integrations from our auth partners:

MCP Server with Next.js

Get started building your first MCP server on Vercel.

Deploy now