Authorization Server Metadata (RFC 8414)

Returns the OAuth 2.0 Authorization Server Metadata document per RFC 8414.

After fetching the Protected Resource Metadata, MCP clients fetch this endpoint to discover Bifrost's OAuth endpoints (register, authorize, token) and capabilities (PKCE methods, grant types, etc.).

Returns 404 when no MCP clients are configured with auth_type: per_user_oauth.

GET
/.well-known/oauth-authorization-server
AuthorizationBearer <token>

Bearer token authentication. Use your MPilot virtual-key JWT or admin JWT. Virtual keys (prefixed with sk-bf-) can also be passed here.

In: header

Response Body

curl -X GET "https://loading/{AI_GATEWAY_URL}/.well-known/oauth-authorization-server"
{
  "issuer": "https://your-bifrost-domain.com",
  "authorization_endpoint": "https://your-bifrost-domain.com/api/oauth/per-user/authorize",
  "token_endpoint": "https://your-bifrost-domain.com/api/oauth/per-user/token",
  "registration_endpoint": "https://your-bifrost-domain.com/api/oauth/per-user/register",
  "response_types_supported": [
    "code"
  ],
  "grant_types_supported": [
    "authorization_code"
  ],
  "code_challenge_methods_supported": [
    "S256"
  ],
  "token_endpoint_auth_methods_supported": [
    "none"
  ],
  "scopes_supported": [
    "mcp:read",
    "mcp:write"
  ]
}
"string"
On this page

On this page

No Headings