---
title: McpProtectionFilter
description: Protects a Model Context Protocol (MCP) server as an OAuth 2.0 protected resource.
component: pinggateway
version: 2026
page_id: pinggateway:reference:McpProtectionFilter
canonical_url: https://docs.pingidentity.com/pinggateway/2026/reference/McpProtectionFilter.html
revdate: 2026-01-05
section_ids:
  usage: Usage
  properties: Properties
  more_information: More information
---

# McpProtectionFilter

Protects a [Model Context Protocol (MCP)](https://modelcontextprotocol.io/docs/getting-started/intro) server as an OAuth 2.0 protected resource.

|   |                                                                                                                                                                                                                             |
| - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | This feature has [Evolving](https://docs.pingidentity.com/pinggateway/release-notes/stability.html#interface-stability) interface stability. It's subject to change without notice, even in a minor or maintenance release. |

This filter has the following additional OAuth 2.0 resource server capabilities:

* Registers static OAuth 2.0 protected resource metadata at the `/.well-known/oauth-protected-resource` endpoint.

* Adapts any `WWW-Authenticate` response header to ensure it includes a `resource_metadata` directive.

* Validates the `aud` claim in the OAuth 2.0 access token to ensure it matches the `"resourceId"` setting for this filter.

|   |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |
| - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | The MCP [resource parameter implementation](https://modelcontextprotocol.io/specification/2025-06-18/basic/authorization#resource-parameter-implementation) depends on [RFC 9728, OAuth 2.0 Protected Resource Metadata](https://datatracker.ietf.org/doc/html/rfc9728#section-1.2), which defines the resource identifier as an HTTPS URL. In other words, in MCP the resource server protects access to the resource with HTTPS. For this filter, you must therefore access remote resources over HTTPS. |

## Usage

```none
{
  "name": string,
  "type": "McpProtectionFilter",
  "config": {
    "resourceId": configuration expression<string>,
    "authorizationServerUri": configuration expression<url>,
    "resourceServerFilter": Filter reference,
    "supportedScopes": [ configuration expression<string>, … ],
    "realm": configuration expression<string>,
    "resourceIdPointer": configuration expression<string>
  }
}
```

## Properties

* `"resourceId"`: *configuration expression<[string](preface.html#definition-string)>, required*

  The protected resource identifier to return, an `https://` URL with no fragment.

* `"authorizationServerUri"`: *configuration expression<[url](preface.html#definition-url)>, required*

  The URL of the OAuth 2.0 authorization server to validate access tokens.

* `"resourceServerFilter"`: *configuration expression<[url](preface.html#definition-url)>, required*

  The [OAuth2ResourceServerFilter](OAuth2ResourceServerFilter.html) to use.

* `"supportedScopes"`: *array of configuration expression<[string](preface.html#definition-string)>, optional*

  List of supported scopes to return in the resource metadata.

  These should match the [scopes](OAuth2ResourceServerFilter.html#OAuth2ResourceServerFilter-scopes) in the settings of the filter that the `"resourceServerFilter"` references.

  Default: none.

* `"realm"`: *configuration expression<[string](preface.html#definition-string)>, optional*

  Name of the realm to use in authentication challenges and to return to the client application on error.

  This should match the [realm](OAuth2ResourceServerFilter.html#OAuth2ResourceServerFilter-realm) in the settings of the filter that the `"resourceServerFilter"` references.

  Default: no realm.

* `"resourceIdPointer"`: *configuration expression<[string](preface.html#definition-string)>, optional*

  JSON pointer to the resource ID claim in the access token.

  Default: `"/aud"`.
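
The `"resourceId"` constraint and the audience check through `"resourceIdPointer"`, as an added Python illustration that is not PingGateway code and not the filter's implementation. The function names, sample claims and `example.com` URLs are constructed; exact string matching and acceptance of an array-valued `aud` are assumptions based on RFC 7519.

```python
from urllib.parse import urlsplit

# Constructed sample values, not taken from any real deployment.
RESOURCE_ID = "https://mcp.example.com/mcp"
TOKEN_FOR_MCP = {"sub": "alice", "aud": [RESOURCE_ID, "https://api.example.com"]}
TOKEN_FOR_OTHER = {"sub": "alice", "aud": "https://api.example.com"}
TOKEN_CUSTOM_CLAIM = {"sub": "alice", "ext": {"resource": RESOURCE_ID}}


def is_valid_resource_id(resource_id):
    """A resource identifier must be an https:// URL with no fragment."""
    parts = urlsplit(resource_id)
    return parts.scheme == "https" and bool(parts.netloc) and "#" not in resource_id


def resolve_pointer(doc, pointer):
    """Minimal RFC 6901 JSON pointer lookup; returns None when the path is absent."""
    if pointer == "":
        return doc
    if not pointer.startswith("/"):
        raise ValueError("JSON pointer must be empty or start with '/'")
    for token in pointer[1:].split("/"):
        token = token.replace("~1", "/").replace("~0", "~")
        if isinstance(doc, dict) and token in doc:
            doc = doc[token]
        elif (isinstance(doc, list) and token.isascii() and token.isdigit()
              and int(token) < len(doc)):
            doc = doc[int(token)]
        else:
            return None
    return doc


def audience_matches(claims, resource_id, pointer="/aud"):
    """Assumed semantics: exact string match against a string or array claim."""
    value = resolve_pointer(claims, pointer)
    if isinstance(value, str):
        return value == resource_id
    if isinstance(value, list):
        return resource_id in value
    return False  # missing claim or unexpected type: reject the token


if __name__ == "__main__":
    for name, claims in [("mcp", TOKEN_FOR_MCP), ("other", TOKEN_FOR_OTHER),
                         ("custom", TOKEN_CUSTOM_CLAIM)]:
        print(name, audience_matches(claims, RESOURCE_ID),
              audience_matches(claims, RESOURCE_ID, "/ext/resource"))
```

A token issued for a different resource, or one whose audience only shares a prefix with the resource ID, fails the check; this is what stops a token minted for another API from being replayed against the MCP server.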

## More information

* [MCP specification](https://modelcontextprotocol.io/specification/2025-06-18) (Revision: 2025-06-18)

* [RFC 9728, OAuth 2.0 Protected Resource Metadata](https://www.rfc-editor.org/rfc/rfc9728.html)

* [org.forgerock.openig.mcp.McpProtectionFilterHeaplet](../_attachments/apidocs/org/forgerock/openig/mcp/McpProtectionFilterHeaplet.html)
