auth

package
v0.2.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 13, 2026 License: MPL-2.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var ErrOAuthTokenNotFound = errors.New("oauth token not found")

Functions

func DefaultMCPAuthStatusFromConfig

func DefaultMCPAuthStatusFromConfig(cfg spec.MCPServerConfig) spec.MCPAuthStatus

func ValidateOAuthClientCredentialsSecret

func ValidateOAuthClientCredentialsSecret(raw string, requireClientSecret bool) error

Types

type AuthManager

type AuthManager struct {
	// contains filtered or unexported fields
}

func NewAuthManager

func NewAuthManager(secrets SecretResolver, opts ...AuthManagerOption) *AuthManager

func (*AuthManager) BuildAuthHealth added in v0.1.20

func (m *AuthManager) BuildAuthHealth(ctx context.Context, cfg spec.MCPServerConfig) spec.MCPAuthHealth

BuildAuthHealth returns the user-facing auth health for a server.

Important storage model:

  • OAuth authorization-code tokens are process-local. After app restart, OAuth should show authorization-needed unless a new authorization is pending in the loopback broker.
  • PAT/API-key values are explicit user-provided secrets and are represented by streamableHttp.secretHeaderRefs. Those are persistent config secrets.

This function derives "configured" from the current server config and then overlays process-local runtime status and pending OAuth broker state.

func (*AuthManager) ClearAuthStatus

func (m *AuthManager) ClearAuthStatus(bundleID bundleitemutils.BundleID, serverID spec.MCPServerID)

func (*AuthManager) ClearAuthStatuses

func (m *AuthManager) ClearAuthStatuses()

func (*AuthManager) GetAuthStatus

func (m *AuthManager) GetAuthStatus(
	bundleID bundleitemutils.BundleID,
	serverID spec.MCPServerID,
) (spec.MCPAuthStatus, bool)

func (*AuthManager) PrepareTransportAuth

func (m *AuthManager) PrepareTransportAuth(
	ctx context.Context,
	cfg spec.MCPServerConfig,
) (ResolvedTransportAuth, error)

func (*AuthManager) SaveAuthStatus

func (m *AuthManager) SaveAuthStatus(ctx context.Context, st spec.MCPAuthStatus) error

type AuthManagerOption

type AuthManagerOption func(*AuthManager)

func WithAuthHTTPClient

func WithAuthHTTPClient(client *http.Client) AuthManagerOption

func WithOAuthAuthorizationBroker

func WithOAuthAuthorizationBroker(broker OAuthAuthorizationBroker) AuthManagerOption

func WithOAuthRedirectURL

func WithOAuthRedirectURL(redirectURL string) AuthManagerOption

func WithOAuthTokenStore added in v0.1.20

func WithOAuthTokenStore(store OAuthTokenStore) AuthManagerOption

type AuthStatusSink

type AuthStatusSink interface {
	SaveAuthStatus(ctx context.Context, st spec.MCPAuthStatus) error
}

type OAuthAuthorizationBroker

type OAuthAuthorizationBroker interface {
	FetchAuthorizationCode(
		ctx context.Context,
		req OAuthAuthorizationRequest,
	) (*OAuthAuthorizationResult, error)
}

type OAuthAuthorizationRequest

type OAuthAuthorizationRequest struct {
	BundleID         string
	ServerID         spec.MCPServerID
	AuthorizationURL string
}

type OAuthAuthorizationResult

type OAuthAuthorizationResult struct {
	Code  string
	State string
	Iss   string
}

type OAuthLoopbackBroker

type OAuthLoopbackBroker struct {
	// contains filtered or unexported fields
}

func (*OAuthLoopbackBroker) Cancel

func (b *OAuthLoopbackBroker) Cancel(bundleID bundleitemutils.BundleID, serverID spec.MCPServerID) bool

func (*OAuthLoopbackBroker) Close

func (b *OAuthLoopbackBroker) Close() error

func (*OAuthLoopbackBroker) FetchAuthorizationCode

func (*OAuthLoopbackBroker) ListenAddr added in v0.1.13

func (b *OAuthLoopbackBroker) ListenAddr() string

func (*OAuthLoopbackBroker) Pending

func (*OAuthLoopbackBroker) RedirectURL

func (b *OAuthLoopbackBroker) RedirectURL() string

func (*OAuthLoopbackBroker) ServeHTTP

func (b *OAuthLoopbackBroker) ServeHTTP(w http.ResponseWriter, r *http.Request)

type OAuthLoopbackBrokerOptions

type OAuthLoopbackBrokerOptions struct {
	TTL          time.Duration
	CallbackPath string
	Logger       *slog.Logger
	ListenAddr   string
}

type OAuthTokenStore added in v0.1.20

type OAuthTokenStore interface {
	LoadOAuthToken(ctx context.Context, base spec.MCPAuthStatus) (*oauth2.Token, error)
	SaveOAuthToken(ctx context.Context, base spec.MCPAuthStatus, tok *oauth2.Token) error
	DeleteOAuthToken(ctx context.Context, base spec.MCPAuthStatus) error
}

type ResolvedTransportAuth

type ResolvedTransportAuth struct {
	Env     map[string]string
	Headers map[string]string

	SensitiveValues []string
	Status          spec.MCPAuthStatus
	OAuthHandler    mcpAuth.OAuthHandler
}

type SecretRedactor

type SecretRedactor struct {
	// contains filtered or unexported fields
}

func NewSecretRedactor

func NewSecretRedactor(resolved ResolvedTransportAuth) *SecretRedactor

func (*SecretRedactor) Redact

func (r *SecretRedactor) Redact(s string) string

type SecretResolver

type SecretResolver interface {
	ResolveSecret(ctx context.Context, ref string) (string, error)
}

type StaticSecretResolver

type StaticSecretResolver map[string]string

func (StaticSecretResolver) ResolveSecret

func (r StaticSecretResolver) ResolveSecret(ctx context.Context, ref string) (string, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL