Add issuer as an initialization parameter

.changeset/moody-bars-float.md

@@ -0,0 +1,7 @@
+---
+'@asgardeo/express-vetassist-mcp-server': minor
+'@asgardeo/mcp-express': minor
+'@asgardeo/mcp-node': minor
+---
+
+Improve Developer Experience and minor bug fixes

README.md

@@ -28,21 +28,24 @@ authorization using Asgardeo. If you have any questions, please reach out to us
 
 ## Overview
 
-The Model Context Protocol (MCP) is designed to provide a standardized way for applications to convey contextual information relevant to authorization decisions. These SDKs facilitate the integration of Asgardeo with MCP in JavaScript applications.
+The Model Context Protocol (MCP) is designed to provide a standardized way for applications to convey contextual
+information relevant to authorization decisions. These SDKs facilitate the integration of Asgardeo with MCP in
+JavaScript applications.
 
 ## Packages
 
-| name | description |
-| ------ | ------- |  
-| **MCP Express (@asgardeo/mcp-express)** [![@asgardeo/mcp-express](https://img.shields.io/npm/v/@asgardeo/mcp-express?color=%234A90E2&label=%40asgardeo%2Fmcp-express&logo=express)](./packages/mcp-express/) | Middleware specifically tailored for Express.js applications to seamlessly integrate MCP-based authorization. |
-| **MCP Node (@asgardeo/mcp-node)** [![@asgardeo/mcp-node](https://img.shields.io/npm/v/@asgardeo/mcp-node?color=%23339933&label=%40asgardeo%2Fmcp-node&logo=nodedotjs)](./packages/mcp-node/) | Core functionalities and utilities for MCP, which can be used in various Node.js environments. The Express middleware may utilize or depend on this core package.|
+| name                                                                                                                                                                                                                                           | description                                                                                                                                                       |
+| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| [**MCP Express (@asgardeo/mcp-express)**](packages/mcp-express/README.md) [![@asgardeo/mcp-express](https://img.shields.io/npm/v/@asgardeo/mcp-express?color=%234A90E2&label=%40asgardeo%2Fmcp-express&logo=express)](./packages/mcp-express/) | Middleware specifically tailored for Express.js applications to seamlessly integrate MCP-based authorization.                                                     |
+| [**MCP Node (@asgardeo/mcp-node)**](packages/mcp-node/README.md) [![@asgardeo/mcp-node](https://img.shields.io/npm/v/@asgardeo/mcp-node?color=%23339933&label=%40asgardeo%2Fmcp-node&logo=nodedotjs)](./packages/mcp-node/)                    | Core functionalities and utilities for MCP, which can be used in various Node.js environments. The Express middleware may utilize or depend on this core package. |
 
 For detailed installation and usage instructions for each package, please refer to the README file within its respective
 directory (e.g., `packages/mcp-express/README.md`).
 
 ## Contribute
 
-Please read our [Contributing Guide](./CONTRIBUTING.md) for details on our code of conduct, and the process for submitting pull requests to us. We highly value your contributions and support!
+Please read our [Contributing Guide](./CONTRIBUTING.md) for details on our code of conduct, and the process for
+submitting pull requests to us. We highly value your contributions and support!
 
 ### Reporting issues
 
@@ -51,7 +54,9 @@ We encourage you to report issues, improvements, and feature requests by creatin
 
 **Important**: Please be advised that security issues **MUST** be reported to
 <a href="mailto:[email protected]">[email protected]</a>, not as GitHub issues, in order to reach the proper audience.
-We strongly advise following the [WSO2 Security Vulnerability Reporting Guidelines](https://security.docs.wso2.com/en/latest/security-reporting/vulnerability-reporting-guidelines/) when reporting security issues.
+We strongly advise following the
+[WSO2 Security Vulnerability Reporting Guidelines](https://security.docs.wso2.com/en/latest/security-reporting/vulnerability-reporting-guidelines/)
+when reporting security issues.
 
 ## License
 

examples/express-vetassist-mcp-server/README.md

@@ -0,0 +1,34 @@
+# Express-VetAssist-MCP-Server
+
+This is an example Express.js server demonstrating integration with the MCP (Model Context Protocol) authorization.
+
+## Prerequisites
+
+- Node.js (v20+ recommended)
+- PNPM
+
+## Installation
+
+```bash
+pnpm install
+```
+
+## Configuration
+
+Copy `.env.example` to `.env` and update accordingly.
+
+```bash
+cp .env.example .env
+```
+
+## Running the Server
+
+```bash
+pnpm dev
+```
+
+The server will start on the port specified in your `.env` file (default: 8000).
+
+## License
+
+MIT

examples/express-mcp-vet-ai-assist-app/package.json → examples/express-vetassist-mcp-server/package.json

@@ -1,6 +1,6 @@
 {
   "private": true,
-  "name": "@asgardeo/express-mcp-vet-ai-assist-app",
+  "name": "@asgardeo/express-vetassist-mcp-server",
   "version": "0.0.2",
   "description": "Example Express server demonstrating MCP authorization using Asgardeo",
   "keywords": [
@@ -32,18 +32,20 @@
     "@asgardeo/mcp-express": "workspace:*",
     "@modelcontextprotocol/inspector": "^0.11.0",
     "@modelcontextprotocol/sdk": "^1.11.0",
+    "cors": "^2.8.5",
     "dotenv": "^16.3.1",
     "express": "^4.18.2",
     "tailwindcss": "^4.1.5",
     "zod": "^3.24.4"
   },
   "devDependencies": {
-    "@wso2/eslint-plugin": "https://gitpkg.now.sh/brionmario/wso2-ui-configs/packages/eslint-plugin?4ee6f6be232d7631999d709a86b91612f1d34ce7",
-    "@wso2/prettier-config": "https://gitpkg.now.sh/brionmario/wso2-ui-configs/packages/prettier-config?4ee6f6be232d7631999d709a86b91612f1d34ce7",
+    "@types/cors": "^2.8.17",
     "@types/express": "^4.17.21",
     "@types/node": "^20.10.0",
-    "nodemon": "^3.0.2",
+    "@wso2/eslint-plugin": "https://gitpkg.now.sh/brionmario/wso2-ui-configs/packages/eslint-plugin?4ee6f6be232d7631999d709a86b91612f1d34ce7",
+    "@wso2/prettier-config": "https://gitpkg.now.sh/brionmario/wso2-ui-configs/packages/prettier-config?4ee6f6be232d7631999d709a86b91612f1d34ce7",
     "eslint": "8.57.0",
+    "nodemon": "^3.0.2",
     "ts-node": "^10.9.2",
     "typescript": "^5.3.3"
   }

examples/express-mcp-vet-ai-assist-app/src/index.ts → examples/express-vetassist-mcp-server/src/index.ts

@@ -21,6 +21,7 @@ import {McpAuthServer} from '@asgardeo/mcp-express';
 import {McpServer} from '@modelcontextprotocol/sdk/server/mcp';
 import {StreamableHTTPServerTransport} from '@modelcontextprotocol/sdk/server/streamableHttp';
 import {isInitializeRequest} from '@modelcontextprotocol/sdk/types';
+import cors from 'cors';
 import {config} from 'dotenv';
 import express, {Express, Request, Response} from 'express';
 import {z} from 'zod';
@@ -31,8 +32,11 @@ const app: Express = express();
 
 const mcpAuthServer: McpAuthServer = new McpAuthServer({
   baseUrl: process.env.BASE_URL as string,
+  issuer: process.env.ISSUER as string,
+  resource: process.env.RESOURCE as string,
 });
 
+app.use(cors());
 app.use(express.json());
 app.use(mcpAuthServer.router());
 

packages/mcp-express/README.md

@@ -42,9 +42,11 @@ import {McpAuthServer} from '@asgardeo/mcp-express';
 
 const app = express();
 
-// Initialize McpAuthServer with baseUrl
+// Initialize McpAuthServer
 const mcpAuthServer = new McpAuthServer({
   baseUrl: process.env.BASE_URL as string,
+  issuer: process.env.ISSUER as string,
+  resource: 'http://localhost:8000/mcp', // MCP server URL
 });
 
 app.use(express.json());
@@ -65,7 +67,11 @@ Creates a new instance of the MCP authentication server with the given configura
 ```typescript
 import {McpAuthServer} from '@asgardeo/mcp-express';
 
-const mcpAuthServer = new McpAuthServer({baseUrl: 'https://auth.example.com'});
+const mcpAuthServer = new McpAuthServer({
+  baseUrl: 'https://auth.example.com'
+  issuer: 'https://auth.example.com/oauth2/token'
+  resource: 'http://localhost:8000/mcp'
+});
 ```
 
 #### mcpAuthServer.router()

packages/mcp-express/src/middlewares/bearerAuthMiddleware.ts

@@ -46,7 +46,15 @@ export default function bearerAuthMiddleware(options: McpAuthOptions) {
 
     const token: string = parts[1];
 
-    const issuerBase: string | undefined = options?.baseUrl;
+    const baseUrl: string | undefined = options?.baseUrl;
+    const issuer: string | undefined = options?.issuer;
+    const endpoints:
+      | {
+          authorize?: string | undefined;
+          jwks?: string | undefined;
+          token?: string | undefined;
+        }
+      | undefined = options?.endpoints;
 
     const TOKEN_VALIDATION_CONFIG: {
       jwksUri: string;
@@ -56,11 +64,11 @@ export default function bearerAuthMiddleware(options: McpAuthOptions) {
         issuer: string;
       };
     } = {
-      jwksUri: `${issuerBase}/oauth2/jwks`,
+      jwksUri: endpoints?.jwks ?? `${baseUrl}/oauth2/jwks}`,
       options: {
         audience: options?.audience,
         clockTolerance: 60,
-        issuer: `${issuerBase}/oauth2/token`,
+        issuer,
       },
     };
 

packages/mcp-express/src/routes/auth.ts

@@ -23,23 +23,34 @@ import {getProtectedResourceMetadata} from '../controllers/protected-resource';
 
 export default function AuthRouter(options: McpAuthOptions): express.Router {
   const router: express.Router = express.Router();
-  const {baseUrl} = options;
+  const {baseUrl, issuer, resource} = options;
   if (!baseUrl) {
     throw new Error('baseUrl must be provided');
   }
 
+  if (!issuer) {
+    throw new Error('issuer must be provided');
+  }
+
+  if (!resource) {
+    throw new Error('resource must be provided');
+  }
+
+  const resourceUrlPathComponent: string | undefined = undefined; // new URL(options?.resource).pathname;
+
   router.use(
-    PROTECTED_RESOURCE_URL,
+    resourceUrlPathComponent ? PROTECTED_RESOURCE_URL + resourceUrlPathComponent : PROTECTED_RESOURCE_URL,
     getProtectedResourceMetadata({
-      authorizationServers: [baseUrl],
-      resource: 'https://api.example.com',
+      authorizationServers: [issuer],
+      resource,
     }),
   );
 
   router.use(
     AUTHORIZATION_SERVER_METADATA_URL,
     getAuthorizationServerMetadata({
       baseUrl,
+      issuer,
     }),
   );