mcp-auth · xiaoyijun · Jan 23, 2026 · Jan 23, 2026
diff --git a/docs/references/js/README.md b/docs/references/js/README.md
@@ -4,7 +4,7 @@ sidebar_label: Node.js SDK
 
 # MCP Auth Node.js SDK reference
 
-## Classes
+## Classes {#classes}
 
 - [MCPAuth](/references/js/classes/MCPAuth.md)
 - [MCPAuthAuthServerError](/references/js/classes/MCPAuthAuthServerError.md)
@@ -13,7 +13,7 @@ sidebar_label: Node.js SDK
 - [MCPAuthError](/references/js/classes/MCPAuthError.md)
 - [MCPAuthTokenVerificationError](/references/js/classes/MCPAuthTokenVerificationError.md)
 
-## Type Aliases
+## Type Aliases {#type-aliases}
 
 - [AuthorizationServerMetadata](/references/js/type-aliases/AuthorizationServerMetadata.md)
 - [AuthServerConfig](/references/js/type-aliases/AuthServerConfig.md)
@@ -40,7 +40,7 @@ sidebar_label: Node.js SDK
 - [VerifyAccessTokenFunction](/references/js/type-aliases/VerifyAccessTokenFunction.md)
 - [VerifyAccessTokenMode](/references/js/type-aliases/VerifyAccessTokenMode.md)
 
-## Variables
+## Variables {#variables}
 
 - [authorizationServerMetadataSchema](/references/js/variables/authorizationServerMetadataSchema.md)
 - [authServerErrorDescription](/references/js/variables/authServerErrorDescription.md)
@@ -53,7 +53,7 @@ sidebar_label: Node.js SDK
 - [tokenVerificationErrorDescription](/references/js/variables/tokenVerificationErrorDescription.md)
 - [validateServerConfig](/references/js/variables/validateServerConfig.md)
 
-## Functions
+## Functions {#functions}
 
 - [createVerifyJwt](/references/js/functions/createVerifyJwt.md)
 - [fetchServerConfig](/references/js/functions/fetchServerConfig.md)

diff --git a/docs/references/js/classes/MCPAuth.md b/docs/references/js/classes/MCPAuth.md
@@ -10,13 +10,13 @@ authentication policies for your protected resources.
 It is initialized with your server configurations and provides a `bearerAuth` method
 to generate Express middleware for token-based authentication.
 
-## Example
+## Example {#example}
 
-### Usage in `resource server` mode
+### Usage in `resource server` mode {#usage-in-resource-server-mode}
 
 This is the recommended approach for new applications.
 
-#### Option 1: Discovery config (recommended for edge runtimes)
+#### Option 1: Discovery config (recommended for edge runtimes) {#option-1-discovery-config-recommended-for-edge-runtimes}
 
 Use this when you want metadata to be fetched on-demand. This is especially useful for
 edge runtimes like Cloudflare Workers where top-level async fetch is not allowed.
@@ -42,7 +42,7 @@ const mcpAuth = new MCPAuth({
 });
 ```
 
-#### Option 2: Resolved config (pre-fetched metadata)
+#### Option 2: Resolved config (pre-fetched metadata) {#option-2-resolved-config-pre-fetched-metadata}
 
 Use this when you want to fetch and validate metadata at startup time.
 
@@ -67,7 +67,7 @@ const mcpAuth = new MCPAuth({
 });
 ```
 
-#### Using the middleware
+#### Using the middleware {#using-the-middleware}
 
 ```ts
 // Mount the router to handle Protected Resource Metadata
@@ -88,7 +88,7 @@ app.get(
 );
 ```
 
-### Legacy Usage in `authorization server` mode (Deprecated)
+### Legacy Usage in `authorization server` mode (Deprecated) {#legacy-usage-in-authorization-server-mode-deprecated}
 
 This approach is supported for backward compatibility.
 
@@ -116,9 +116,9 @@ app.get(
 );
 ```
 
-## Constructors
+## Constructors {#constructors}
 
-### Constructor
+### Constructor {#constructor}
 
 ```ts
 new MCPAuth(config: MCPAuthConfig): MCPAuth;
@@ -127,33 +127,33 @@ new MCPAuth(config: MCPAuthConfig): MCPAuth;
 Creates an instance of MCPAuth.
 It validates the entire configuration upfront to fail fast on errors.
 
-#### Parameters
+#### Parameters {#parameters}
 
-##### config
+##### config {#config}
 
 [`MCPAuthConfig`](/references/js/type-aliases/MCPAuthConfig.md)
 
 The authentication configuration.
 
-#### Returns
+#### Returns {#returns}
 
 `MCPAuth`
 
-## Properties
+## Properties {#properties}
 
-### config
+### config {#config}
 
 ```ts
 readonly config: MCPAuthConfig;
 ```
 
 The authentication configuration.
 
-## Methods
+## Methods {#methods}
 
-### bearerAuth()
+### bearerAuth() {#bearerauth}
 
-#### Call Signature
+#### Call Signature {#call-signature}
 
 ```ts
 bearerAuth(verifyAccessToken: VerifyAccessTokenFunction, config?: Omit<BearerAuthConfig, "issuer" | "verifyAccessToken">): RequestHandler;
@@ -162,9 +162,9 @@ bearerAuth(verifyAccessToken: VerifyAccessTokenFunction, config?: Omit<BearerAut
 Creates a Bearer auth handler (Express middleware) that verifies the access token in the
 `Authorization` header of the request.
 
-##### Parameters
+##### Parameters {#parameters}
 
-###### verifyAccessToken
+###### verifyAccessToken {#verifyaccesstoken}
 
 [`VerifyAccessTokenFunction`](/references/js/type-aliases/VerifyAccessTokenFunction.md)
 
@@ -177,7 +177,7 @@ verification result.
 [VerifyAccessTokenFunction](/references/js/type-aliases/VerifyAccessTokenFunction.md) for the type definition of the
 `verifyAccessToken` function.
 
-###### config?
+###### config? {#config}
 
 `Omit`\<[`BearerAuthConfig`](/references/js/type-aliases/BearerAuthConfig.md), `"issuer"` \| `"verifyAccessToken"`\>
 
@@ -188,19 +188,19 @@ Optional configuration for the Bearer auth handler.
 [BearerAuthConfig](/references/js/type-aliases/BearerAuthConfig.md) for the available configuration options (excluding
 `verifyAccessToken` and `issuer`).
 
-##### Returns
+##### Returns {#returns}
 
 `RequestHandler`
 
 An Express middleware function that verifies the access token and adds the
 verification result to the request object (`req.auth`).
 
-##### See
+##### See {#see}
 
 [handleBearerAuth](/references/js/functions/handleBearerAuth.md) for the implementation details and the extended types of the
 `req.auth` (`AuthInfo`) object.
 
-#### Call Signature
+#### Call Signature {#call-signature}
 
 ```ts
 bearerAuth(mode: "jwt", config?: Omit<BearerAuthConfig, "issuer" | "verifyAccessToken"> & VerifyJwtConfig): RequestHandler;
@@ -212,9 +212,9 @@ Creates a Bearer auth handler (Express middleware) that verifies the access toke
 In the `'jwt'` mode, the handler will create a JWT verification function using the JWK Set
 from the authorization server's JWKS URI.
 
-##### Parameters
+##### Parameters {#parameters}
 
-###### mode
+###### mode {#mode}
 
 `"jwt"`
 
@@ -224,7 +224,7 @@ The mode of verification for the access token. Currently, only 'jwt' is supporte
 
 [VerifyAccessTokenMode](/references/js/type-aliases/VerifyAccessTokenMode.md) for the available modes.
 
-###### config?
+###### config? {#config}
 
 `Omit`\<[`BearerAuthConfig`](/references/js/type-aliases/BearerAuthConfig.md), `"issuer"` \| `"verifyAccessToken"`\> & `VerifyJwtConfig`
 
@@ -238,26 +238,26 @@ verification.
  - [BearerAuthConfig](/references/js/type-aliases/BearerAuthConfig.md) for the available configuration options (excluding
 `verifyAccessToken` and `issuer`).
 
-##### Returns
+##### Returns {#returns}
 
 `RequestHandler`
 
 An Express middleware function that verifies the access token and adds the
 verification result to the request object (`req.auth`).
 
-##### See
+##### See {#see}
 
 [handleBearerAuth](/references/js/functions/handleBearerAuth.md) for the implementation details and the extended types of the
 `req.auth` (`AuthInfo`) object.
 
-##### Throws
+##### Throws {#throws}
 
 if the JWKS URI is not provided in the server metadata when
 using the `'jwt'` mode.
 
 ***
 
-### ~~delegatedRouter()~~
+### ~~delegatedRouter()~~ {#delegatedrouter}
 
 ```ts
 delegatedRouter(): Router;
@@ -266,18 +266,18 @@ delegatedRouter(): Router;
 Creates a delegated router for serving legacy OAuth 2.0 Authorization Server Metadata endpoint
 (`/.well-known/oauth-authorization-server`) with the metadata provided to the instance.
 
-#### Returns
+#### Returns {#returns}
 
 `Router`
 
 A router that serves the OAuth 2.0 Authorization Server Metadata endpoint with the
 metadata provided to the instance.
 
-#### Deprecated
+#### Deprecated {#deprecated}
 
 Use [protectedResourceMetadataRouter](/references/js/classes/MCPAuth.md#protectedresourcemetadatarouter) instead.
 
-#### Example
+#### Example {#example}
 
 ```ts
 import express from 'express';
@@ -288,13 +288,13 @@ const mcpAuth: MCPAuth; // Assume this is initialized
 app.use(mcpAuth.delegatedRouter());
 ```
 
-#### Throws
+#### Throws {#throws}
 
 If called in `resource server` mode.
 
 ***
 
-### protectedResourceMetadataRouter()
+### protectedResourceMetadataRouter() {#protectedresourcemetadatarouter}
 
 ```ts
 protectedResourceMetadataRouter(): Router;
@@ -306,17 +306,17 @@ for all configured resources.
 This router automatically creates the correct `.well-known` endpoints for each
 resource identifier provided in your configuration.
 
-#### Returns
+#### Returns {#returns}
 
 `Router`
 
 A router that serves the OAuth 2.0 Protected Resource Metadata endpoint.
 
-#### Throws
+#### Throws {#throws}
 
 If called in `authorization server` mode.
 
-#### Example
+#### Example {#example}
 
 ```ts
 import express from 'express';