TBD: Middleware and auth for McpServer

[dvoytenko]

See an alternative approach in #39

Provide a facility to use middleware, including auth, for createMcpHandler.

The @modelcontextprotocol/sdk is constructed around Express' middleware. E.g. see this sample. However, this is not normally available in Next.js.

The middleware is included like this:

const mcpHandler = createMcpHandler(
      ...
      {
        middleware: [
          (req) => {
            const header = req.headers.get("Authorization");
            if (header?.startsWith("Bearer ")) {
              const token = header.slice(7).trim();
              return {
                auth: { token, clientId: "client1", scopes: ["read:stuff"] },
              };
            }
          },
        ],
      }
);

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	vitest@​3.2.1
	zod@​3.24.4 ⏵ 3.25.50	+1			+5

View full report