`fastmcp.server.middleware.authorization`

Authorization middleware for FastMCP. This module provides middleware-based authorization using callable auth checks. AuthMiddleware applies auth checks globally to all components on the server. Example:

from fastmcp import FastMCP
from fastmcp.server.auth import require_scopes, restrict_tag
from fastmcp.server.middleware import AuthMiddleware

# Require specific scope for all components
mcp = FastMCP(middleware=[
    AuthMiddleware(auth=require_scopes("api"))
])

# Tag-based: components tagged "admin" require "admin" scope
mcp = FastMCP(middleware=[
    AuthMiddleware(auth=restrict_tag("admin", scopes=["admin"]))
])

Classes

`AuthMiddleware`

Global authorization middleware using callable checks. This middleware applies auth checks to all components (tools, resources, prompts) on the server. It uses the same callable API as component-level auth checks. The middleware:

Filters tools/resources/prompts from list responses based on auth checks
Checks auth before tool execution, resource read, and prompt render
Skips all auth checks for STDIO transport (no OAuth concept)

Args:

auth: A single auth check function or list of check functions. All checks must pass for authorization to succeed (AND logic).

Methods:

`on_list_tools`

on_list_tools(self, context: MiddlewareContext[mt.ListToolsRequest], call_next: CallNext[mt.ListToolsRequest, Sequence[Tool]]) -> Sequence[Tool]

Filter tools/list response based on auth checks.

`on_call_tool`

on_call_tool(self, context: MiddlewareContext[mt.CallToolRequestParams], call_next: CallNext[mt.CallToolRequestParams, ToolResult]) -> ToolResult

Check auth before tool execution.

`on_list_resources`

on_list_resources(self, context: MiddlewareContext[mt.ListResourcesRequest], call_next: CallNext[mt.ListResourcesRequest, Sequence[Resource]]) -> Sequence[Resource]

Filter resources/list response based on auth checks.

`on_read_resource`

on_read_resource(self, context: MiddlewareContext[mt.ReadResourceRequestParams], call_next: CallNext[mt.ReadResourceRequestParams, ResourceResult]) -> ResourceResult

Check auth before resource read.

`on_list_resource_templates`

on_list_resource_templates(self, context: MiddlewareContext[mt.ListResourceTemplatesRequest], call_next: CallNext[mt.ListResourceTemplatesRequest, Sequence[ResourceTemplate]]) -> Sequence[ResourceTemplate]

Filter resource templates/list response based on auth checks.

`on_list_prompts`

on_list_prompts(self, context: MiddlewareContext[mt.ListPromptsRequest], call_next: CallNext[mt.ListPromptsRequest, Sequence[Prompt]]) -> Sequence[Prompt]

Filter prompts/list response based on auth checks.

`on_get_prompt`

on_get_prompt(self, context: MiddlewareContext[mt.GetPromptRequestParams], call_next: CallNext[mt.GetPromptRequestParams, PromptResult]) -> PromptResult

Check auth before prompt render.

fastmcp.apps

fastmcp.cli

fastmcp.client

fastmcp.experimental

fastmcp.prompts

fastmcp.resources

fastmcp.server

fastmcp.tools

fastmcp.utilities

authorization

`fastmcp.server.middleware.authorization`

Classes

`AuthMiddleware`

`on_list_tools`

`on_call_tool`

`on_list_resources`

`on_read_resource`

`on_list_resource_templates`

`on_list_prompts`

`on_get_prompt`

fastmcp.apps

fastmcp.cli

fastmcp.client

fastmcp.experimental

fastmcp.prompts

fastmcp.resources

fastmcp.server

fastmcp.tools

fastmcp.utilities

Documentation Index

​fastmcp.server.middleware.authorization

​Classes

​AuthMiddleware

​on_list_tools

​on_call_tool

​on_list_resources

​on_read_resource

​on_list_resource_templates

​on_list_prompts

​on_get_prompt

`fastmcp.server.middleware.authorization`

Classes

`AuthMiddleware`

`on_list_tools`

`on_call_tool`

`on_list_resources`

`on_read_resource`

`on_list_resource_templates`

`on_list_prompts`

`on_get_prompt`