---
title: auth
sidebarTitle: auth
---
# `fastmcp.utilities.auth`
Authentication utility helpers.
## Functions
### `decode_jwt_header`
```python
decode_jwt_header(token: str) -> dict[str, Any]
```
Decode JWT header without signature verification.
Useful for extracting the key ID (kid) for JWKS lookup.
**Args:**
- `token`: JWT token string (header.payload.signature)
**Returns:**
- Decoded header as a dictionary
**Raises:**
- `ValueError`: If token is not a valid JWT format
### `decode_jwt_payload`
```python
decode_jwt_payload(token: str) -> dict[str, Any]
```
Decode JWT payload without signature verification.
Use only for tokens received directly from trusted sources (e.g., IdP token endpoints).
**Args:**
- `token`: JWT token string (header.payload.signature)
**Returns:**
- Decoded payload as a dictionary
**Raises:**
- `ValueError`: If token is not a valid JWT format
### `parse_scopes`
```python
parse_scopes(value: Any) -> list[str] | None
```
Parse scopes from environment variables or settings values.
Accepts either a JSON array string, a comma- or space-separated string,
a list of strings, or ``None``. Returns a list of scopes or ``None`` if
no value is provided.