fastmcp.server.auth.providers.workos

Classes

AuthKitProviderSettings

AuthKitProvider

WorkOS AuthKit metadata provider for DCR (Dynamic Client Registration). This provider implements WorkOS AuthKit integration using metadata forwarding instead of OAuth proxying. This is the recommended approach for WorkOS DCR as it allows WorkOS to handle the OAuth flow directly while FastMCP acts as a resource server. IMPORTANT SETUP REQUIREMENTS:
  1. Enable Dynamic Client Registration in WorkOS Dashboard:
    • Go to Applications → Configuration
    • Toggle “Dynamic Client Registration” to enabled
  2. Configure your FastMCP server URL as a callback:
For detailed setup instructions, see: https://workos.com/docs/authkit/mcp/integrating/token-verification Methods:

verify_token 

verify_token(self, token: str) -> AccessToken | None
Verify a WorkOS token using the configured token verifier.

customize_auth_routes 

customize_auth_routes(self, routes: list[BaseRoute]) -> list[BaseRoute]
Add AuthKit metadata endpoints. This adds:
  • /.well-known/oauth-authorization-server (forwards AuthKit metadata)
  • /.well-known/oauth-protected-resource (returns FastMCP resource info)