fastmcp.server.auth.oidc_proxy

OIDC Proxy Provider for FastMCP. This provider acts as a transparent proxy to an upstream OIDC compliant Authorization Server. It leverages the OAuthProxy class to handle Dynamic Client Registration and forwarding of all OAuth flows. This implementation is based on: OpenID Connect Discovery 1.0 - https://openid.net/specs/openid-connect-discovery-1_0.html OAuth 2.0 Authorization Server Metadata - https://datatracker.ietf.org/doc/html/rfc8414

Classes

OIDCConfiguration

OIDC Configuration. Methods:

get_oidc_configuration 

get_oidc_configuration(cls, config_url: AnyHttpUrl) -> Self
Get the OIDC configuration for the specified config URL. Args:
  • config_url: The OIDC config URL
  • strict: The strict flag for the configuration
  • timeout_seconds: HTTP request timeout in seconds

OIDCProxy

OAuth provider that wraps OAuthProxy to provide configuration via an OIDC configuration URL. This provider makes it easier to add OAuth protection for any upstream provider that is OIDC compliant. Methods:

get_oidc_configuration 

get_oidc_configuration(self, config_url: AnyHttpUrl, strict: bool | None, timeout_seconds: int | None) -> OIDCConfiguration
Gets the OIDC configuration for the specified configuration URL. Args:
  • config_url: The OIDC configuration URL
  • strict: The strict flag for the configuration
  • timeout_seconds: HTTP request timeout in seconds

get_token_verifier 

get_token_verifier(self) -> TokenVerifier
Creates the token verifier for the specified OIDC configuration and arguments. Args:
  • algorithm: Optional token verifier algorithm
  • audience: Optional token verifier audience
  • required_scopes: Optional token verifier required_scopes
  • timeout_seconds: HTTP request timeout in seconds