Use resource metadata URL instead of path

allenzhou101 · allenzhou101 · commit 4cf7988cb3ae · 2025-06-01T09:41:31.000-07:00
diff --git a/src/next/auth-wrapper.ts b/src/next/auth-wrapper.ts
@@ -17,17 +17,15 @@ export interface McpAuthOptions {
   requiredScopes?: string[];
 
   /**
-   * Optional, resource metadata path to include in WWW-Authenticate header.
+   * Optional, resource metadata URL to include in WWW-Authenticate header.
    */
-  resourceMetadataPath?: string;
+  resourceMetadataUrl?: string;
 }
 
 export function withMcpAuth(
   handler: (req: Request) => Promise<Response>,
   verifyToken: (req: Request, token: string) => Promise<AuthInfo>,
-  options: McpAuthOptions = {
-    resourceMetadataPath: "/.well-known/oauth-protected-resource"
-  }
+  options?: McpAuthOptions
 ) {
   return async (req: Request) => {
     try {
@@ -53,7 +51,7 @@ export function withMcpAuth(
       }
 
       // Check if token has the required scopes (if any)
-      if (options.requiredScopes?.length) {
+      if (options?.requiredScopes?.length) {
         const hasAllScopes = options.requiredScopes.every(scope =>
           authInfo.scopes.includes(scope)
         );
@@ -74,7 +72,7 @@ export function withMcpAuth(
       return handler(req);
     } catch (error) {
       const origin = new URL(req.url).origin;
-      const resourceMetadataUrl = options.resourceMetadataPath || `${origin}/.well-known/oauth-protected-resource`;
+      const resourceMetadataUrl = options?.resourceMetadataUrl || `${origin}/.well-known/oauth-protected-resource`;
       
       if (error instanceof InvalidTokenError) {
         return new Response(JSON.stringify(error.toResponseObject()), {
