@frontmcp/auth
Authentication, session management, and credential vault for FrontMCP servers.
Install
```
npm install @frontmcp/auth
```
Typically consumed via `@frontmcp/sdk` — direct installation is only needed for advanced use cases.
Features
- Remote OAuth — delegate authentication to an external IdP with optional DCR (docs)
- Local OAuth — built-in token issuance with configurable sign keys (docs)
- JWKS validation — JSON Web Key Set discovery and token verification (docs)
- OAuth stores — session, token, and authorization code persistence (memory, Redis, Vercel KV) (docs)
- Credential vault — encrypted storage for secrets and API keys (docs)
- PKCE — Proof Key for Code Exchange (RFC 7636) built on `@frontmcp/utils` crypto (docs)
- CIMD — Client Instance Machine Detection for session continuity (docs)
- Auth UI templates — consent, login, and error pages (docs)
- Audience validation — per-app audience and scope enforcement (docs)
- Token vault — secure token exchange and refresh management (docs)
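The PKCE entry above refers to RFC 7636. As an added example (not code from `@frontmcp/auth` or `@frontmcp/utils`), the S256 transform and the token-endpoint check look like this with Node's built-in `crypto`; the function names are hypothetical, and accepting only `S256` is a choice made for this example.

```javascript
// Added example: PKCE (RFC 7636) S256 with Node's built-in crypto.
// Function names are hypothetical; this is not the @frontmcp/auth API.
const { createHash, randomBytes, timingSafeEqual } = require('node:crypto');

// RFC 7636 section 4.1: 43-128 characters from the unreserved set.
const VERIFIER_RE = /^[A-Za-z0-9\-._~]{43,128}$/;

// Client: 32 random bytes encode to a 43-character base64url verifier.
function createVerifier() {
  return randomBytes(32).toString('base64url');
}

// Client and server: challenge = BASE64URL(SHA256(ASCII(verifier))).
function s256Challenge(verifier) {
  if (typeof verifier !== 'string' || !VERIFIER_RE.test(verifier)) {
    throw new TypeError('code_verifier violates RFC 7636 section 4.1');
  }
  return createHash('sha256').update(verifier, 'ascii').digest('base64url');
}

// Server, at the token endpoint: compare the challenge stored with the
// authorization code against one recomputed from the presented verifier.
function verifyPkce(storedChallenge, method, presentedVerifier) {
  if (method !== 'S256') return false; // this example accepts S256 only
  let recomputed;
  try {
    recomputed = Buffer.from(s256Challenge(presentedVerifier), 'ascii');
  } catch {
    return false; // malformed verifier
  }
  const stored = Buffer.from(String(storedChallenge), 'ascii');
  // timingSafeEqual throws on a length mismatch, so check length first.
  return stored.length === recomputed.length &&
    timingSafeEqual(stored, recomputed);
}

// Test vector from RFC 7636 Appendix B.
const RFC_VERIFIER = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk';
const RFC_CHALLENGE = 'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM';
```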
Quick Example
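```ts
import { FrontMcp, App } from '@frontmcp/sdk';

// MyApp is assumed to be an application class defined elsewhere in the project.
@FrontMcp({
  info: { name: 'Secure Server', version: '1.0.0' },
  apps: [MyApp],
  // Delegate authentication to an external identity provider.
  auth: {
    type: 'remote',
    name: 'my-idp',
    baseUrl: 'https://idp.example.com',
  },
})
export default class Server {}
```
Full guide: Authentication Overview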
Docs
| Topic | Link |
|---|---|
| Overview | Authentication Overview |
| Remote OAuth | Remote OAuth |
| Local OAuth | Local OAuth |
| JWKS | JWKS Validation |
| Session stores | Session Stores |
| Credential vault | Credential Vault |
| PKCE | PKCE |
| CIMD | Client Instance Machine Detection |
| Auth UI | Auth UI Templates |
| Audience & scopes | Audience Validation |
| Token vault | Token Vault |
Related Packages
- `@frontmcp/sdk` — core framework (imports auth internally)
- `@frontmcp/utils` — crypto primitives used by PKCE and vault
- `@frontmcp/ui` — consent and login page components
License
Apache-2.0 — see LICENSE.