Docs/Add Hardware-Backed Sign-In to Your Application/ MCP Remote Server (TypeScript)
View as .md

MCP Remote Server (TypeScript)

See the Applications overview for prerequisites, configuration endpoints, and available scopes.

The Model Context Protocol (MCP) lets AI assistants call tools on remote servers. This guide covers building an MCP remote server that requires Vouch OIDC bearer tokens, using the official TypeScript SDK and jose for JWT verification.

The server validates access tokens against the Vouch JWKS endpoint and extracts the hardware attestation claim (hardware_verified) from the JWT payload. Tools can gate sensitive operations on hardware key attestation.

Example

mcp/remote-server-ts – Complete working example with bearer token verification, RFC 9728 Protected Resource Metadata, and per-user MCP server instances.