github modelcontextprotocol/typescript-sdk @modelcontextprotocol/express@2.0.0-beta.3

Patch Changes

  • #2420 7635115 Thanks @felixweinberger! - Add runtime-neutral Bearer authentication to @modelcontextprotocol/server:
    requireBearerAuth gates web-standard fetch(request) hosts (Cloudflare
    Workers, Deno, Bun, Hono), built on the exported verifyBearerToken and
    bearerAuthChallengeResponse pieces, with OAuthTokenVerifier now defined
    here. The Express middleware adapts the same core and is unchanged in
    behavior, except that WWW-Authenticate challenge values are now RFC 7235
    quoted-string sanitized (quotes and backslashes escaped, control and
    non-ASCII characters replaced); @modelcontextprotocol/express re-exports
    OAuthTokenVerifier as before.

  • #2422 61866d7 Thanks @felixweinberger! - Add runtime-neutral OAuth discovery serving to @modelcontextprotocol/server:
    oauthMetadataResponse serves the RFC 9728 Protected Resource Metadata and
    RFC 8414 Authorization Server metadata documents from web-standard
    fetch(request) hosts, built on the exported
    buildOAuthProtectedResourceMetadata, with
    getOAuthProtectedResourceMetadataUrl now defined here. The Express metadata
    router adapts the same core and is unchanged in behavior; the insecure-issuer
    escape hatch is an explicit dangerouslyAllowInsecureIssuerUrl option in the
    neutral core instead of a module-scope environment read. The web-standard
    matcher validates lazily so unmatched traffic always falls through, tolerates
    a trailing slash, supports HEAD, and marks reflected CORS preflights with
    Vary.

  • Updated dependencies [44797d7, 1b90c96, 561c6d8, ce2f65d, 7e69735, e8de519, 0ab5d14, 24be404, 7635115, 61866d7]:

    • @modelcontextprotocol/server@2.0.0-beta.3

Don't miss a new typescript-sdk release

NewReleases is sending notifications on new releases.