--- title: authorization sidebarTitle: authorization --- # `fastmcp.utilities.authorization` Authorization checks for FastMCP components. Auth checks are callables that receive an ``AuthContext`` and return True to allow access or False to deny it. They can also raise ``AuthorizationError`` to deny with a custom message; other exceptions are masked and treated as denial. ## Functions ### `require_scopes` ```python require_scopes(*scopes: str) -> AuthCheck ``` Require all of the given OAuth scopes. ### `restrict_tag` ```python restrict_tag(tag: str) -> AuthCheck ``` Require scopes when the accessed component has a specific tag. ### `run_auth_checks` ```python run_auth_checks(checks: AuthCheck | list[AuthCheck], ctx: AuthContext) -> bool ``` Run auth checks with AND logic. ## Classes ### `AuthContext` Context passed to auth check callables. **Attributes:** - `token`: The current access token, or None if unauthenticated. - `component`: The tool, resource, resource template, or prompt being accessed. - `tool`: Backwards-compatible alias for component when it is a Tool. **Methods:** #### `tool` ```python tool(self) -> Tool | None ``` Backwards-compatible access to the component as a Tool.