Skip to content

oauth2_scheme

autogen.beta.mcp.security.oauth2_scheme #

oauth2_scheme(*, url)

OAuth 2.0 authorization-server declaration (the issuer url that mints tokens for this resource server).

url must be an absolute http(s) URL (RFC 9728 advertises it as such). An OIDC issuer string like stytch.com/project-... is not usable here — pass the full URL whose /.well-known/... metadata resolves.

Source code in autogen/beta/mcp/security.py 
63
64
65
66
67
68
69
70
71
72
73
74
75
def oauth2_scheme(*, url: str) -> Scheme:
    """OAuth 2.0 authorization-server declaration (the issuer ``url`` that mints
    tokens for this resource server).

    ``url`` must be an absolute ``http(s)`` URL (RFC 9728 advertises it as such).
    An OIDC issuer *string* like ``stytch.com/project-...`` is not usable here —
    pass the full URL whose ``/.well-known/...`` metadata resolves."""
    if not url.startswith(("http://", "https://")):
        raise ValueError(
            f"oauth2_scheme url must be an absolute http(s) URL, got {url!r} "
            "(an OIDC issuer string is not a usable authorization-server URL)."
        )
    return Scheme(url=url)