MCP ExplorerExplorer

Mcp Express

@descopeon a year ago
10 MIT
FreeCommunity
AI Systems
TypeScript-based Express library for MCP Server with Descope auth integration.

Overview

What is Mcp Express

mcp-express is a TypeScript-based Express library that integrates Descope’s authentication and user management capabilities to facilitate the addition of Model Context Protocol (MCP) Specification compliant authorization to your MCP Server.

Use cases

Use cases for mcp-express include building secure APIs, integrating user management systems in web applications, and implementing compliant authorization flows in applications that utilize the MCP.

How to use

To use mcp-express, install it via npm, set up your Descope credentials in a .env file, and integrate the SDK into your Express application by importing the necessary modules and configuring the middleware.

Key features

Key features include OAuth 2.1 protocol implementation with PKCE support, Dynamic Client Registration, and Authorization Server Metadata, enabling secure and compliant user authentication.

Where to use

mcp-express is suitable for web applications that require secure user authentication and authorization, particularly those adhering to the MCP Specification.

Clients Supporting MCP

The following are the main client software that supports the Model Context Protocol. Click the link to visit the official website for more information.

Claude Desktop

Claude Desktop: Official desktop application from Anthropic, natively supports MCP protocol. claude.ai

Cherry Studio

Cherry Studio: Cross-platform desktop client supporting multiple LLM providers, built-in MCP server support. cherry-ai.com

LobeChat

LobeChat: Modern open-source ChatGPT/LLMs UI, supports MCP protocol integration. lobehub.com

DeepChat

DeepChat: Cross-platform desktop AI assistant, compatible with MCP protocol, focusing on privacy and efficiency. deepchat.thinkinai.xyz

5ire

5ire: Cross-platform open-source desktop intelligent assistant MCP client, supports local knowledge base and MCP server. 5ire.app

View More MCP Clients

Content

Descope MCP Express SDK

Descope Banner

This is a TypeScript-based Express library that leverages Descope auth and user management capabilities to allow you to easily add Model Context Protocol (MCP) Specification compliant-Authorization to your MCP Server. It implements the provider side of the OAuth 2.1 protocol with PKCE support, Dynamic Client Registration, and Authorization Server Metadata.

Table of Contents

Prerequisites

Before you begin, ensure you have:

  • An existing Descope project
  • An existing Express application
  • Node.js version 18.x or higher

Installation

npm install @descope/mcp-express

Quick Start

  1. Get your credentials from the Descope Console

  2. Create a .env file in your project root:

DESCOPE_PROJECT_ID=your_project_id
DESCOPE_MANAGEMENT_KEY=your_management_key
SERVER_URL=your_mcp_server_url

The SERVER_URL is the URL of your MCP Server.
eg. http://localhost:3000 or https://mcp.example.com

  1. Ensure that the environment variables are loaded, for example by using dotenv:
npm install dotenv
  1. Then, you can use the SDK as follows:
import "dotenv/config";
import express from "express";
import {
  descopeMcpAuthRouter,
  descopeMcpBearerAuth,
} from "@descope/mcp-express";

const app = express();

app.use(descopeMcpAuthRouter());

app.use(["/sse", "/message"], descopeMcpBearerAuth());

app.listen(3000);

The descopeMcpAuthRouter() function adds the metadata and route handlers (eg. dynamic client registration) to the server while the descopeMcpBearerAuth() function checks the request’s headers for a Bearer token and, if found, attaches the Auth object to the request object under the auth key.

  1. Add auth TypeScript type (optional)

If you’re using TypeScript, you can add a type declaration to get proper type checking for the auth property that gets attached to the Express request object. Create a new file (e.g., types/globals.d.ts) and add:

declare module "express-serve-static-core" {
  interface Request {
    /**
     * Information about the validated access token, if the `descopeMcpBearerAuth` middleware was used.
     * Contains user information and token details after successful authentication.
     */
    auth?: AuthInfo;
  }
}

This type declaration will:

  • Enable TypeScript autocompletion for the auth property on request objects
  • Provide type safety when accessing auth-related properties
  • Help catch potential type-related errors during development

Example usage in your route handlers:

app.post("/message", async (req, res) => {
  // TypeScript now knows about req.auth
  if (req.auth) {
    // Access auth properties with full type support
    console.log(req.auth.token);
    console.log(req.auth.scopes);
  }
});

Advanced Usage Examples

Dynamic Client Registration

You can configure dynamic client registration options when initializing the provider:

import express from "express";
import {
  descopeMcpAuthRouter,
  descopeMcpBearerAuth,
} from "@descope/mcp-express";

const app = express();

const provider = new DescopeMcpProvider({
  // The below values are defaults and can be omitted
  // if the environment variables are set and loaded
  projectId: process.env["DESCOPE_PROJECT_ID"],
  managementKey: process.env["DESCOPE_MANAGEMENT_KEY"],
  serverUrl: process.env["SERVER_URL"],

  dynamicClientRegistrationOptions: {
    authPageUrl: `https://api.descope.com/login/${DESCOPE_PROJECT_ID}?flow=consent`,
    permissionScopes: [
      {
        name: "get-schema",
        description: "Allow getting the SQL schema",
      },
      {
        name: "run-query",
        description: "Allow executing a SQL query",
        required: false,
      },
    ],
  },
});

// Add metadata and route handlers (eg. dynamic client registration)
app.use(descopeMcpAuthRouter(provider));

// Add bearer token validation
app.use(["/sse", "/message"], descopeMcpBearerAuth(provider));

app.listen(3000);

Token Verification

You can customize the token verification options by setting the verifyTokenOptions object:

import { descopeMcpBearerAuth, DescopeMcpProvider } from "@descope/mcp-express";

const provider = new DescopeMcpProvider({
  verifyTokenOptions: {
    requiredScopes: ["get-schema", "run-query"],
    key: "descope-public-key",
  },
});

Features

The SDK implements the Model Context Protocol Auth Specification, providing:

  • 🔐 Hosted Metadata
  • 🔑 Authorize endpoint
  • 🎫 Token endpoint
  • 🔒 Token revocation endpoint
  • 📝 Dynamic Client Registration

OAuth Implementation

This SDK implements OAuth 2.0/2.1 following these RFCs:

  • RFC 8414: OAuth 2.0 Authorization Server Metadata
  • RFC 7591: OAuth 2.0 Dynamic Client Registration
  • RFC 7009: OAuth 2.0 Token Revocation

All OAuth schemas are implemented using Zod for runtime type validation.

Attribution

This SDK includes code adapted from the official Model Context Protocol TypeScript SDK, which is licensed under the MIT License.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Dev Tools Supporting MCP

The following are the main code editors that support the Model Context Protocol. Click the link to visit the official website for more information.

Zed

Zed: High-performance collaborative code editor, supports MCP protocol, providing a smooth programming experience. zed.dev

Cursor

Cursor: AI code editor built on VS Code, supports MCP protocol for context-aware programming. cursor.com

Windsurf

Windsurf: AI code editor from Codeium, integrates MCP protocol to provide intelligent code assistance. windsurf.com

Continue

Continue: Open-source AI programming assistant plugin, supports VS Code and JetBrains, compatible with MCP protocol. continue.dev

Trae

Trae: AI-driven code editor, supports MCP protocol, focusing on enhancing developer programming experience. trae.ai

View More MCP Dev Tools

Tools

No tools

Comments

Recommend MCP Servers

Tavily MCP Server

Tavily MCP Server The Tavily MCP server provides: search, extract, map, crawl tools Real-time web search capabilities through the tavily-search tool Intelligent data extraction from web pages via the tavily-extract tool Powerful web mapping tool that creates a structured map of website Web crawler that systematically explores websites.

MCP Server Chart

MCP Server Chart This is a TypeScript-based MCP server that provides chart generation capabilities. It allows you to create various types of charts through MCP tools. You can also use it in Dify.

GitHub MCP Server

GitHub MCP Server MCP Server for the GitHub API, enabling file operations, repository management, search functionality, and more.

Brave Search MCP Server

Brave Search MCP Server Web and local search using Brave's Search API

Firecrawl MCP Server

Firecrawl MCP Server Advanced web scraping with JavaScript rendering, PDF support, and smart rate limiting

Context7 MCP

Context7 MCP LLMs rely on outdated or generic information about the libraries you use. You get:

Slack MCP server

Slack MCP server Channel management and messaging capabilities

Sequential Thinking MCP Server

Sequential Thinking MCP Server Dynamic and reflective problem-solving through thought sequences

Fetch MCP Server

Fetch MCP Server A Model Context Protocol server that provides web content fetching capabilities.

Playwright MCP

Playwright MCP A Model Context Protocol (MCP) server that provides browser automation capabilities using [Playwright](https://playwright.dev). This server enables LLMs to interact with web pages through structured accessibility snapshots, bypassing the need for screenshots or visually-tuned models.

View All MCP Servers