---
title: authorization
sidebarTitle: authorization
---
# `fastmcp.utilities.authorization`
Authorization checks for FastMCP components.
Auth checks are callables that receive an ``AuthContext`` and return True to
allow access or False to deny it. They can also raise ``AuthorizationError`` to
deny with a custom message; other exceptions are masked and treated as denial.
## Functions
### `require_scopes`
```python
require_scopes(*scopes: str) -> AuthCheck
```
Require all of the given OAuth scopes.
### `restrict_tag`
```python
restrict_tag(tag: str) -> AuthCheck
```
Require scopes when the accessed component has a specific tag.
### `run_auth_checks`
```python
run_auth_checks(checks: AuthCheck | list[AuthCheck], ctx: AuthContext) -> bool
```
Run auth checks with AND logic.
## Classes
### `AuthContext`
Context passed to auth check callables.
**Attributes:**
- `token`: The current access token, or None if unauthenticated.
- `component`: The tool, resource, resource template, or prompt being accessed.
- `tool`: Backwards-compatible alias for component when it is a Tool.
**Methods:**
#### `tool`
```python
tool(self) -> Tool | None
```
Backwards-compatible access to the component as a Tool.