in packages/better-auth/src/plugins/mcp/index.ts [588:721]
registerMcpClient: createAuthEndpoint(
"/mcp/register",
{
method: "POST",
// Request schema for client registration; the field names match RFC 7591
// client metadata. NOTE(review): the handler that consumes this body is
// outside this excerpt, so a check missing here may still exist there — confirm.
body: z.object({
// Accepts any strings: no URL parsing, no scheme allow-list, and an empty
// array passes. Redirect URIs decide where authorization responses are sent,
// so they need absolute-URL validation and an explicit scheme policy,
// either here or in the handler.
redirect_uris: z.array(z.string()),
// "none" registers a client that authenticates without a secret.
// NOTE(review): `.default(...).optional()` — under Zod 3 the outer
// `.optional()` returns undefined for an omitted field before the default is
// applied (Zod 4 applies it). The same pattern is used for `grant_types` and
// `response_types`; confirm the Zod version and that the handler does not
// assume these values are always present.
token_endpoint_auth_method: z
.enum(["none", "client_secret_basic", "client_secret_post"])
.default("client_secret_basic")
.optional(),
// The schema lets a client declare "implicit" and "password", which the
// OAuth 2.0 Security BCP (RFC 9700) advises against, plus the
// client_credentials and assertion grants. NOTE(review): whether the token
// endpoint honours each declared grant is not visible here — confirm that
// unsupported grants are rejected at registration or ignored later.
grant_types: z
.array(
z.enum([
"authorization_code",
"implicit",
"password",
"client_credentials",
"refresh_token",
"urn:ietf:params:oauth:grant-type:jwt-bearer",
"urn:ietf:params:oauth:grant-type:saml2-bearer",
]),
)
.default(["authorization_code"])
.optional(),
// "token" is the implicit-flow response type; see the grant_types note.
response_types: z
.array(z.enum(["code", "token"]))
.default(["code"])
.optional(),
// Display fields are client-supplied and unbounded in length. The *_uri
// fields are plain strings, not validated as URLs. NOTE(review): if they are
// shown on a consent screen as links or images, restrict them to https and
// escape them on output — confirm where they are rendered.
client_name: z.string().optional(),
client_uri: z.string().optional(),
logo_uri: z.string().optional(),
scope: z.string().optional(),
contacts: z.array(z.string()).optional(),
tos_uri: z.string().optional(),
policy_uri: z.string().optional(),
// NOTE(review): if the server ever fetches this URL, it needs a scheme and
// destination allow-list to avoid server-side request forgery; no such
// constraint is expressed in this schema.
jwks_uri: z.string().optional(),
// Arbitrary nested JSON with no bound on size or depth in this schema.
// NOTE(review): confirm a request-size limit applies and how these values
// are stored and returned.
jwks: z.record(z.any()).optional(),
metadata: z.record(z.any()).optional(),
software_id: z.string().optional(),
software_version: z.string().optional(),
// Accepted as an opaque string; this schema performs no verification of it.
software_statement: z.string().optional(),
}),
// OpenAPI description of the success response for this endpoint.
// NOTE(review): presumably documentation only and not enforced at runtime —
// confirm against the handler, which is outside this excerpt.
// The endpoint options visible in this excerpt (method, body, metadata)
// declare no session or authentication requirement, and the `userId`
// description below says a client can be registered anonymously. Deployments
// should treat registration as open to any caller (rate limiting, review of
// registered redirect URIs) unless the handler restricts it.
metadata: {
openapi: {
description: "Register an OAuth2 application",
responses: {
"200": {
description: "OAuth2 application registered successfully",
content: {
"application/json": {
schema: {
type: "object",
properties: {
name: {
type: "string",
description: "Name of the OAuth2 application",
},
icon: {
type: "string",
nullable: true,
description: "Icon URL for the application",
},
metadata: {
type: "object",
additionalProperties: true,
nullable: true,
description:
"Additional metadata for the application",
},
clientId: {
type: "string",
description: "Unique identifier for the client",
},
// The secret is returned in the response body. NOTE(review): it is also
// listed under `required` below, while the request schema accepts
// token_endpoint_auth_method "none" — confirm what is returned for such
// clients.
clientSecret: {
type: "string",
description: "Secret key for the client",
},
redirectURLs: {
type: "array",
items: { type: "string", format: "uri" },
description: "List of allowed redirect URLs",
},
type: {
type: "string",
description: "Type of the client",
enum: ["web"],
},
// Documented as always "client_secret"; see the note on `clientSecret`.
authenticationScheme: {
type: "string",
description:
"Authentication scheme used by the client",
enum: ["client_secret"],
},
disabled: {
type: "boolean",
description: "Whether the client is disabled",
enum: [false],
},
userId: {
type: "string",
nullable: true,
description:
"ID of the user who registered the client, null if registered anonymously",
},
createdAt: {
type: "string",
format: "date-time",
description: "Creation timestamp",
},
updatedAt: {
type: "string",
format: "date-time",
description: "Last update timestamp",
},
},
required: [
"name",
"clientId",
"clientSecret",
"redirectURLs",
"type",
"authenticationScheme",
"disabled",
"createdAt",
"updatedAt",
],
},
},
},
},
},
},
},
},