Authorization Server Metadata (RFC 8414)

{ "issuer": "https://your-bifrost-domain.com", "authorization_endpoint": "https://your-bifrost-domain.com/api/oauth/per-user/authorize", "token_endpoint": "https://your-bifrost-domain.com/api/oauth/per-user/token", "registration_endpoint": "https://your-bifrost-domain.com/api/oauth/per-user/register", "response_types_supported": [ "code" ], "grant_types_supported": [ "authorization_code" ], "code_challenge_methods_supported": [ "S256" ], "token_endpoint_auth_methods_supported": [ "none" ], "scopes_supported": [ "mcp:read", "mcp:write" ] }

Authorizations

Authorization

string

header

required

Bearer token authentication. Use your provider API key or Bifrost authentication token. Virtual keys (prefixed with sk-bf-) can also be passed here.

Response

Authorization server metadata

OAuth 2.0 Authorization Server Metadata per RFC 8414. Returned by /.well-known/oauth-authorization-server to let MCP clients discover Bifrost's OAuth endpoints and capabilities.

issuer

string

Authorization server issuer URL (Bifrost base URL)

Example:

"https://your-bifrost-domain.com"

authorization_endpoint

string

Authorization endpoint URL

Example:

"https://your-bifrost-domain.com/api/oauth/per-user/authorize"

token_endpoint

string

Token endpoint URL

Example:

"https://your-bifrost-domain.com/api/oauth/per-user/token"

registration_endpoint

string

Dynamic client registration endpoint URL

Example:

"https://your-bifrost-domain.com/api/oauth/per-user/register"

response_types_supported

string[]

Example:

["code"]

grant_types_supported

string[]

Example:

["authorization_code"]

code_challenge_methods_supported

string[]

Supported PKCE methods (only S256)

Example:

["S256"]

token_endpoint_auth_methods_supported

string[]

Supported token endpoint auth methods (public clients only)

Example:

["none"]

scopes_supported

string[]

Example:

["mcp:read", "mcp:write"]

API Reference

Authorizations

Response