Skip to main content
Use a remote identity provider (IdP) like Frontegg, Auth0, Azure Entra, etc.

Configuration

auth: {
  type: 'remote',
  name: 'frontegg',
  baseUrl: 'https://autheu.davidantoon.me',
  dcrEnabled?: boolean,
  clientId?: string | ((clientInfo: { clientId: string }) => string),
  mode?: 'orchestrated' | 'transparent',
  allowAnonymous?: boolean,
  consent?: boolean,
  scopes?: string[],
  grantTypes?: ('authorization_code' | 'refresh_token')[],
  authEndpoint?: string,
  tokenEndpoint?: string,
  registrationEndpoint?: string,
  userInfoEndpoint?: string,
  jwks?: JSONWebKeySet,
  jwksUri?: string,
}

Example (server‑level)

@FrontMcp({
  info: { name: 'Expense MCP', version: '1.0.0' },
  apps: [ExpenseApp],
  auth: { type: 'remote', name: 'frontegg', baseUrl: 'https://autheu.davidantoon.me', consent: true },
})
export default class Server {}

Example (per app)

@App({
  name: 'CRM',
  auth: { type: 'remote', name: 'crm', baseUrl: 'https://idp.example.com', scopes: ['openid','email'] },
  standalone: true,
})
export default class CrmApp {}
Use standalone: true to expose the app’s auth surface under its own scope/entry.

DCR vs non‑DCR

  • dcrEnabled: true → FrontMCP registers the client dynamically at the IdP.
  • dcrEnabled: false → supply clientId and use a local OAuth proxy to handle registration/storage. See Remote OAuth → Proxy.