Skip to main content

fastmcp.server.auth.providers.descope

Descope authentication provider for FastMCP. This module provides DescopeProvider - a complete authentication solution that integrates with Descope’s OAuth 2.1 and OpenID Connect services, supporting Dynamic Client Registration (DCR) for seamless MCP client authentication.

Classes

DescopeProviderSettings

DescopeProvider

Descope metadata provider for DCR (Dynamic Client Registration). This provider implements Descope integration using metadata forwarding. This is the recommended approach for Descope DCR as it allows Descope to handle the OAuth flow directly while FastMCP acts as a resource server. IMPORTANT SETUP REQUIREMENTS:
  1. Create an MCP Server in Descope Console:
    • Go to the MCP Servers page of the Descope Console
    • Create a new MCP Server
    • Ensure that Dynamic Client Registration (DCR) is enabled
    • Note your Well-Known URL
  2. Note your Well-Known URL:
    • Save your Well-Known URL from MCP Server Settings
    • Format: https://.../v1/apps/agentic/P.../M.../.well-known/openid-configuration
For detailed setup instructions, see: https://docs.descope.com/identity-federation/inbound-apps/creating-inbound-apps#method-2-dynamic-client-registration-dcr Methods:

get_routes 

get_routes(self, mcp_path: str | None = None) -> list[Route]
Get OAuth routes including Descope authorization server metadata forwarding. This returns the standard protected resource routes plus an authorization server metadata endpoint that forwards Descope’s OAuth metadata to clients. Args:
  • mcp_path: The path where the MCP endpoint is mounted (e.g., “/mcp”) This is used to advertise the resource URL in metadata.