FastMCP Connector
FastMCP connectors expose small verifier APIs that delegate to the MCP transport packages. Use them when your FastMCP integration needs to authenticate a bearer token before running a tool.
Install
Section titled “Install”| Ecosystem | Package |
|---|---|
| TypeScript | npm install @caracalai/mcp-fastmcp @caracalai/transport-mcp @caracalai/revocation |
| Python | pip install caracalai-mcp-fastmcp |
TypeScript verifier
Section titled “TypeScript verifier”import { extractBearer, verifyFastMcpToken } from "@caracalai/mcp-fastmcp";import { createMandateVerifier } from "@caracalai/transport-mcp";import { InMemoryRevocationStore } from "@caracalai/revocation";
const verifier = createMandateVerifier({ issuer: "https://sts.example.com", audience: "https://mcp.example.com", zoneId: "zone_prod", revocations: new InMemoryRevocationStore(),});
const token = extractBearer(request.headers.get("authorization") ?? "");if (!token) throw new Error("missing bearer token");
const context = await verifyFastMcpToken(token, verifier, { requiredScopes: ["mcp:tool:call"], requiredTargets: ["https://mcp.example.com"], requireAgent: true,});
console.log(context.sub, context.zoneId, context.scope);verifyFastMcpToken() returns { sub, zoneId, scope } or throws FastMcpAuthError.
Python verifier
Section titled “Python verifier”from caracalai_mcp_fastmcp import CaracalAuth, CaracalAuthError
auth = CaracalAuth( issuer="https://sts.example.com", audience="https://mcp.example.com", zone_id="zone_prod", required_scopes=["mcp:tool:call"], required_targets=["https://mcp.example.com"], require_agent=True, revocations=revocations,)
try: context = await auth.verify_token(token)except CaracalAuthError as exc: raise RuntimeError(exc.code) from excBoundary
Section titled “Boundary”The connector verifies tokens; it does not create agent sessions or delegation edges. Use the Python SDK or TypeScript SDK to create Caracal context before making outbound calls.

