Documentation
Index
- Constants
- func AddClaimsToContext(ctx context.Context, claims *TokenClaims) context.Context
- func Middleware(config *mcpserver.MCPServer) func(http.Handler) http.Handler
- func NewProtectedResourceMetadataHandler(basePath string, config MetadataConfig) http.HandlerFunc
- func ProtectedResourceMetadataHandler(config *mcpserver.MCPServer) http.HandlerFunc
- type MetadataConfig
- type OIDCDiscoveryDocument
- type ProtectedResourceMetadata
- type TokenClaims
- type TokenValidator
- type TokenValidatorConfig
Constants
const (
	ProtectedResourceMetadataEndpoint = "/.well-known/oauth-protected-resource"
)
Variables
This section is empty.
Functions
func AddClaimsToContext
func AddClaimsToContext(ctx context.Context, claims *TokenClaims) context.Context
AddClaimsToContext returns a new context with the given claims added; they can be retrieved via GetClaimsFromContext.
func Middleware
Middleware returns a middleware function that checks whether the Authorization header is set. If it is not, the middleware responds with a 401 whose WWW-Authenticate header contains information about the Protected Resource Endpoint.
func NewProtectedResourceMetadataHandler
func NewProtectedResourceMetadataHandler(basePath string, config MetadataConfig) http.HandlerFunc
NewProtectedResourceMetadataHandler creates an HTTP handler for the .well-known/oauth-protected-resource endpoint. The endpoint will be available at {basePath}/.well-known/oauth-protected-resource.
func ProtectedResourceMetadataHandler
func ProtectedResourceMetadataHandler(config *mcpserver.MCPServer) http.HandlerFunc
Types
type MetadataConfig
type MetadataConfig struct {
	ResourceName         string   `json:"resourceName,omitempty"`
	AuthorizationServers []string `json:"authorizationServers,omitempty"`
	ScopesSupported      []string `json:"scopesSupported,omitempty"`
	JWKSURI              string   `json:"jwksUri,omitempty"`
}
MetadataConfig holds the configuration for OAuth 2.0 Protected Resource Metadata.
type OIDCDiscoveryDocument
type OIDCDiscoveryDocument struct {
	JWKSURI string `json:"jwks_uri"`
}
OIDCDiscoveryDocument represents the OpenID Connect discovery document.
type ProtectedResourceMetadata
type ProtectedResourceMetadata struct {
	Resource               string   `json:"resource"`                           // REQUIRED: the protected resource's resource identifier URL
	ResourceName           string   `json:"resource_name,omitempty"`            // RECOMMENDED: human-readable name
	AuthorizationServers   []string `json:"authorization_servers,omitempty"`    // OPTIONAL: list of authorization server URLs
	ScopesSupported        []string `json:"scopes_supported,omitempty"`         // OPTIONAL: supported OAuth scopes
	BearerMethodsSupported []string `json:"bearer_methods_supported,omitempty"` // OPTIONAL: supported bearer token methods
	JWKSURI                string   `json:"jwks_uri,omitempty"`                 // OPTIONAL: JSON Web Key Set URI
}
ProtectedResourceMetadata represents the OAuth 2.0 Protected Resource Metadata as defined in RFC 9728.
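Added example (not this package's code): a standard-library sketch of the flow described for Middleware and the metadata handlers, where a request without a Bearer token gets a 401 whose WWW-Authenticate header carries the RFC 9728 resource_metadata parameter, while the metadata document itself is served without authentication. The names requireBearer, newMux and metadata and the example.com URLs are assumptions made for illustration; token validation (the ValidateToken step) is left out.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Constructed sample values, not taken from the package.
const resourceURL, metadataPath = "https://mcp.example.com", "/.well-known/oauth-protected-resource"

// metadata is a reduced RFC 9728 document (hypothetical type for this sketch).
type metadata struct {
	Resource             string   `json:"resource"`
	AuthorizationServers []string `json:"authorization_servers,omitempty"`
}

// requireBearer only checks that a Bearer token is present; it does not validate it.
func requireBearer(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		scheme, token, _ := strings.Cut(r.Header.Get("Authorization"), " ")
		if !strings.EqualFold(scheme, "Bearer") || strings.TrimSpace(token) == "" {
			// RFC 9728 challenge: tell the client where the metadata document lives.
			w.Header().Set("WWW-Authenticate", fmt.Sprintf(`Bearer resource_metadata="%s%s"`, resourceURL, metadataPath))
			http.Error(w, "authorization required", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// newMux keeps the metadata endpoint unauthenticated and guards every other path.
func newMux(protected http.Handler) *http.ServeMux {
	doc := metadata{Resource: resourceURL, AuthorizationServers: []string{"https://idp.example.com"}}
	mux := http.NewServeMux()
	mux.HandleFunc(metadataPath, func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(doc)
	})
	mux.Handle("/", requireBearer(protected))
	return mux
}

func main() { // print the challenge an unauthenticated client receives
	rec := httptest.NewRecorder()
	newMux(http.NotFoundHandler()).ServeHTTP(rec, httptest.NewRequest("GET", "/mcp", nil))
	fmt.Println(rec.Code, rec.Header().Get("WWW-Authenticate"))
}
```

The metadata route has to stay outside the guard, because a client fetches it before it holds any token.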
type TokenClaims
type TokenClaims struct {
	Subject   string
	Issuer    string
	Audience  []string
	Expiry    *time.Time
	IssuedAt  *time.Time
	NotBefore *time.Time
	Scope     string
	ClientID  string
	Username  string
	Email     string
}
TokenClaims represents extracted token claims.
func GetClaimsFromContext
func GetClaimsFromContext(ctx context.Context) *TokenClaims
GetClaimsFromContext returns the claims (if set) from the given context.
type TokenValidator
type TokenValidator struct {
	// contains filtered or unexported fields
}
TokenValidator handles OAuth 2.0 token validation.
func NewTokenValidator
func NewTokenValidator(config TokenValidatorConfig) *TokenValidator
NewTokenValidator creates a new token validator with the given configuration.
func (*TokenValidator) ValidateToken
func (tv *TokenValidator) ValidateToken(ctx context.Context, tokenString string) (*TokenClaims, error)
ValidateToken validates a JWT token and returns extracted claims.