modelcontextprotocol · jonathanhefner · Feb 4, 2026
@@ -1206,6 +1206,7 @@ export async function refreshAuthorization(
  * @throws {Error} When provider doesn't implement prepareTokenRequest or token fetch fails
  *
  * @example
+ * ```typescript
  * // Provider for client_credentials:
  * class MyProvider implements OAuthClientProvider {
  *   prepareTokenRequest(scope) {
@@ -1217,6 +1218,7 @@ export async function refreshAuthorization(
  * }
  *
  * const tokens = await fetchToken(provider, authServerUrl, { metadata });
+ * ```
  */
 export async function fetchToken(
     provider: OAuthClientProvider,

@@ -13,9 +13,11 @@ import type { AddClientAuthentication, OAuthClientProvider } from './auth.js';
 /**
  * Helper to produce a private_key_jwt client authentication function.
  *
- * Usage:
- *   const addClientAuth = createPrivateKeyJwtAuth({ issuer, subject, privateKey, alg, audience? });
- *   // pass addClientAuth as provider.addClientAuthentication implementation
+ * @example
+ * ```typescript
+ * const addClientAuth = createPrivateKeyJwtAuth({ issuer, subject, privateKey, alg, audience? });
+ * // pass addClientAuth as provider.addClientAuthentication implementation
+ * ```
  */
 export function createPrivateKeyJwtAuth(options: {
     issuer: string;
@@ -114,6 +116,7 @@ export interface ClientCredentialsProviderOptions {
  * the client authenticates using a client_id and client_secret.
  *
  * @example
+ * ```typescript
  * const provider = new ClientCredentialsProvider({
  *   clientId: 'my-client',
  *   clientSecret: 'my-secret'
@@ -122,6 +125,7 @@ export interface ClientCredentialsProviderOptions {
  * const transport = new StreamableHTTPClientTransport(serverUrl, {
  *   authProvider: provider
  * });
+ * ```
  */
 export class ClientCredentialsProvider implements OAuthClientProvider {
     private _tokens?: OAuthTokens;
@@ -222,6 +226,7 @@ export interface PrivateKeyJwtProviderOptions {
  * the client authenticates using a signed JWT assertion (RFC 7523 Section 2.2).
  *
  * @example
+ * ```typescript
  * const provider = new PrivateKeyJwtProvider({
  *   clientId: 'my-client',
  *   privateKey: pemEncodedPrivateKey,
@@ -231,6 +236,7 @@ export interface PrivateKeyJwtProviderOptions {
  * const transport = new StreamableHTTPClientTransport(serverUrl, {
  *   authProvider: provider
  * });
+ * ```
  */
 export class PrivateKeyJwtProvider implements OAuthClientProvider {
     private _tokens?: OAuthTokens;

@@ -44,7 +44,9 @@ export function localhostAllowedHostnames(): string[] {
 /**
  * Web-standard Request helper for DNS rebinding protection.
  * @example
+ * ```typescript
  * const result = validateHostHeader(req.headers.get('host'), ['localhost'])
+ * ```
  */
 export function hostHeaderValidationResponse(req: Request, allowedHostnames: string[]): Response | undefined {
     const result = validateHostHeader(req.headers.get('host'), allowedHostnames);