JWT Authentication - Redop

Use jwt(...) when your clients already send bearer tokens and you want Redop to verify them on each HTTP request.

Shared secret example

import { jwt, Redop } from "@redopjs/redop";

new Redop({ serverInfo: { name: "jwt-demo" } }).use(
  jwt({
    secret: process.env.JWT_SECRET ?? "dev-jwt-secret",
    issuer: "https://auth.example.com",
    audience: "my-mcp-server",
  }),
);

JWKS example

new Redop({ serverInfo: { name: "jwt-demo" } }).use(
  jwt({
    jwksUri: "https://auth.example.com/.well-known/jwks.json",
    issuer: "https://auth.example.com",
    audience: "my-mcp-server",
  }),
);

Optional auth

new Redop({ serverInfo: { name: "jwt-demo" } }).use(
  jwt({
    secret: process.env.JWT_SECRET ?? "dev-jwt-secret",
    optional: true,
  }),
);

See also

API Key Authentication

OAuth Authentication