naftiko: 1.0.0-alpha2
info:
  label: PropelAuth MCP Authentication — OAuth 2.1 for AI Agents
  description: 'PropelAuth OAuth 2.1 server capability for Model Context Protocol clients. Provides authorization,
    token, introspection, dynamic client registration, and metadata discovery so MCP servers can be protected with
    PropelAuth identity and organization-scoped permissions.'
  tags:
  - PropelAuth
  - MCP
  - OAuth 2.1
  - AI Agents
  created: '2026-05-25'
  modified: '2026-05-25'
binds:
- namespace: env
  keys:
    PROPELAUTH_AUTH_URL: PROPELAUTH_AUTH_URL
capability:
  consumes:
  - type: http
    namespace: propelauth-mcp
    baseUri: '{{env.PROPELAUTH_AUTH_URL}}'
    description: PropelAuth MCP OAuth 2.1 endpoints.
    resources:
    - name: token
      path: /oauth/2.1/token
      operations:
      - name: mcpToken
        method: POST
        description: Exchange code or refresh token for an access token.
        outputRawFormat: json
        inputParameters:
        - name: body
          in: body
          type: object
          required: true
    - name: introspect
      path: /oauth/2.1/introspect
      operations:
      - name: mcpIntrospect
        method: POST
        description: Validate an access token.
        outputRawFormat: json
        inputParameters:
        - name: body
          in: body
          type: object
          required: true
    - name: register
      path: /oauth/2.1/register
      operations:
      - name: mcpRegister
        method: POST
        description: Dynamically register an MCP client.
        outputRawFormat: json
        inputParameters:
        - name: body
          in: body
          type: object
          required: true
    - name: metadata
      path: /.well-known/oauth-authorization-server/oauth/2.1
      operations:
      - name: mcpAuthServerMetadata
        method: GET
        description: OAuth 2.1 authorization server metadata.
        outputRawFormat: json
    authentication:
      type: none
  exposes:
  - type: mcp
    namespace: propelauth-mcp-mcp
    port: 9093
    transport: http
    description: MCP adapter for PropelAuth MCP OAuth 2.1.
    tools:
    - name: propelauth-mcp-token
      description: Exchange code or refresh token for MCP access tokens.
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: propelauth-mcp.mcpToken
      with:
        body: tools.body
    - name: propelauth-mcp-introspect
      description: Introspect an MCP access token.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: propelauth-mcp.mcpIntrospect
      with:
        body: tools.body
    - name: propelauth-mcp-register
      description: Dynamically register a new MCP client.
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: propelauth-mcp.mcpRegister
      with:
        body: tools.body
    - name: propelauth-mcp-metadata
      description: Fetch OAuth 2.1 authorization server metadata.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: propelauth-mcp.mcpAuthServerMetadata