Simple authentication guard based on API key in request metadata Override this class to implement your own authentication logic
@Injectable()class CustomAuthGuard extends AuthGuard { async canActivate(context: MCPExecutionContext): Promise<boolean> { const request = context.getRequest(); // Check request headers, JWT tokens, etc. const apiKey = request.params?.auth?.apiKey; if (!apiKey || !this.validateApiKey(apiKey)) { throw new MCPUnauthorizedException('Invalid API key'); } return true; }}@Injectable()class MyToolProvider { @UseMCPGuards(CustomAuthGuard) @MCPTool({ name: 'secure_tool', description: 'Authenticated tool' }) async secureTool() { return 'Protected data'; }} Copy
@Injectable()class CustomAuthGuard extends AuthGuard { async canActivate(context: MCPExecutionContext): Promise<boolean> { const request = context.getRequest(); // Check request headers, JWT tokens, etc. const apiKey = request.params?.auth?.apiKey; if (!apiKey || !this.validateApiKey(apiKey)) { throw new MCPUnauthorizedException('Invalid API key'); } return true; }}@Injectable()class MyToolProvider { @UseMCPGuards(CustomAuthGuard) @MCPTool({ name: 'secure_tool', description: 'Authenticated tool' }) async secureTool() { return 'Protected data'; }}
Determine if the operation can proceed
true if allowed, false if denied, or throws an exception
Protected
Validate API key - override this in your implementation
Simple authentication guard based on API key in request metadata Override this class to implement your own authentication logic
Example