MCP with Next.js and Descope
Description
Run an Model Context Protocol (MCP) server on Vercel with Next.js and Descope.
npx boilerapp mcp-with-next-js-and-descope文档
Next.js MCP Server with Vercel MCP Handler and Descope Node SDK
Introduction
This example shows how to build an MCP server using the Vercel MCP Handler with Descope's Node SDK for session validation. The server provides a simple echo tool and demonstrates how to integrate Descope authentication with the Model Context Protocol (MCP) using Vercel's serverless functions.
Key Components
- Vercel's mcp-handler: Handles the MCP protocol communication and serverless function deployment
- Descope Node SDK: Validates user sessions and provides authentication context
- Echo Tool: A simple example tool that returns a "Hello, world!" message
Deployment
You can connect to the server using the MCP Inspector or any other MCP client. Be sure to include the /api/mcp path in the connection URL.
Requirements
Before proceeding, make sure you have the following:
- Node.js (version 20 or later)
- A valid Descope Project ID
Running the Server
First, add the environment variables in a .env file at the root:
NEXT_PUBLIC_DESCOPE_PROJECT_ID= # Your Descope project ID
NEXT_PUBLIC_DESCOPE_BASE_URL= # Your Descope base URL (optional, defaults to https://api.descope.com)
Then, install dependencies:
npm i
Finally, run the server:
npm run dev
The server will start on port 3000 (or the port specified in your environment variables).
API Endpoints
GET/POST /api/[transport]: Handles incoming MCP protocol messages (supports SSE and HTTP transports)
Authentication
The server uses Descope's Node SDK for session validation. The verifyToken function:
- Extracts the bearer token from the request
- Uses the Descope Node SDK to validate the session
- Returns authentication context including user scopes and client ID
- All MCP endpoints require a valid bearer token
Managing API Keys and OAuth Tokens for Tools
If you want Descope to manage your API keys or OAuth tokens for your MCP, you can use functions in the Node SDK to fetch outbound app tokens at either a user or tenant level:
// Fetch user token with specific scopes
const userToken =
await descopeClient.management.outboundApplication.fetchTokenByScopes(
"my-app-id\
Prix
Gratuit