Skip to main content

fastmcp.server.auth.providers.debug

Debug token verifier for testing and special cases. This module provides a flexible token verifier that delegates validation to a custom callable. Useful for testing, development, or scenarios where standard verification isn’t possible (like opaque tokens without introspection). Example: 
from fastmcp import FastMCP
from fastmcp.server.auth.providers.debug import DebugTokenVerifier

# Accept all tokens (default - useful for testing)
auth = DebugTokenVerifier()

# Custom sync validation logic
auth = DebugTokenVerifier(validate=lambda token: token.startswith("valid-"))

# Custom async validation logic
async def check_cache(token: str) -> bool:
    return await redis.exists(f"token:{token}")

auth = DebugTokenVerifier(validate=check_cache)

mcp = FastMCP("My Server", auth=auth)

Classes

DebugTokenVerifier

Token verifier with custom validation logic. This verifier delegates token validation to a user-provided callable. By default, it accepts all non-empty tokens (useful for testing). Use cases:
  • Testing: Accept any token without real verification
  • Development: Custom validation logic for prototyping
  • Opaque tokens: When you have tokens with no introspection endpoint
WARNING: This bypasses standard security checks. Only use in controlled environments or when you understand the security implications. Methods:

verify_token 

verify_token(self, token: str) -> AccessToken | None
Verify token using custom validation logic. Args:
  • token: The token string to validate
Returns:
  • AccessToken if validation succeeds, None otherwise