fastmcp.utilities.auth

Authentication utility helpers.

Functions

decode_jwt_header ^{<a href="https://github.com/PrefectHQ/fastmcp/blob/main/src/fastmcp/utilities/auth.py#L32" target="_blank"><Icon icon="github" style="width: 14px; height: 14px;" /></a>}

decode_jwt_header(token: str) -> dict[str, Any]

Decode JWT header without signature verification.

Useful for extracting the key ID (kid) for JWKS lookup.

Args:

• token: JWT token string (header.payload.signature)

Returns:

• Decoded header as a dictionary

Raises:

• ValueError: If token is not a valid JWT format

decode_jwt_payload ^{<a href="https://github.com/PrefectHQ/fastmcp/blob/main/src/fastmcp/utilities/auth.py#L49" target="_blank"><Icon icon="github" style="width: 14px; height: 14px;" /></a>}

decode_jwt_payload(token: str) -> dict[str, Any]

Decode JWT payload without signature verification.

Use only for tokens received directly from trusted sources (e.g., IdP token endpoints).

Args:

• token: JWT token string (header.payload.signature)

Returns:

• Decoded payload as a dictionary

Raises:

• ValueError: If token is not a valid JWT format

parse_scopes ^{<a href="https://github.com/PrefectHQ/fastmcp/blob/main/src/fastmcp/utilities/auth.py#L66" target="_blank"><Icon icon="github" style="width: 14px; height: 14px;" /></a>}

parse_scopes(value: Any) -> list[str] | None

Parse scopes from environment variables or settings values.

Accepts either a JSON array string, a comma- or space-separated string, a list of strings, or None. Returns a list of scopes or None if no value is provided.