oauth

package

v0.31.0 Latest Latest Go to latest Published: Feb 19, 2026 License: MIT Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/github/github-mcp-server

Links

Documentation ¶

Overview ¶

Package oauth provides OAuth 2.0 Protected Resource Metadata (RFC 9728) support for the GitHub MCP Server HTTP mode.

Index ¶

Constants
Variables
func BuildResourceMetadataURL(r *http.Request, cfg *Config, resourcePath string) string
func GetEffectiveHostAndScheme(r *http.Request, cfg *Config) (host, scheme string)
func ResolveResourcePath(r *http.Request, cfg *Config) string
type AuthHandler
- func NewAuthHandler(cfg *Config) (*AuthHandler, error)
- func (h *AuthHandler) RegisterRoutes(r chi.Router)
type Config

Constants ¶

View Source

const (
	// OAuthProtectedResourcePrefix is the well-known path prefix for OAuth protected resource metadata.
	OAuthProtectedResourcePrefix = "/.well-known/oauth-protected-resource"

	// DefaultAuthorizationServer is GitHub's OAuth authorization server.
	DefaultAuthorizationServer = "https://github.com/login/oauth"
)

Variables ¶

View Source

var SupportedScopes = []string{
	"repo",
	"read:org",
	"read:user",
	"user:email",
	"read:packages",
	"write:packages",
	"read:project",
	"project",
	"gist",
	"notifications",
	"workflow",
	"codespace",
}

SupportedScopes lists all OAuth scopes that may be required by MCP tools.

Functions ¶

func BuildResourceMetadataURL ¶

func BuildResourceMetadataURL(r *http.Request, cfg *Config, resourcePath string) string

BuildResourceMetadataURL constructs the full URL to the OAuth protected resource metadata endpoint.

func GetEffectiveHostAndScheme ¶

func GetEffectiveHostAndScheme(r *http.Request, cfg *Config) (host, scheme string)

GetEffectiveHostAndScheme returns the effective host and scheme for a request.

func ResolveResourcePath ¶

func ResolveResourcePath(r *http.Request, cfg *Config) string

ResolveResourcePath returns the externally visible resource path for a request. Exported for use by middleware.

Types ¶

type AuthHandler ¶

type AuthHandler struct {
	// contains filtered or unexported fields
}

AuthHandler handles OAuth-related HTTP endpoints.

func NewAuthHandler ¶

func NewAuthHandler(cfg *Config) (*AuthHandler, error)

NewAuthHandler creates a new OAuth auth handler.

func (*AuthHandler) RegisterRoutes ¶

func (h *AuthHandler) RegisterRoutes(r chi.Router)

RegisterRoutes registers the OAuth protected resource metadata routes.

type Config ¶

type Config struct {
	// BaseURL is the publicly accessible URL where this server is hosted.
	// This is used to construct the OAuth resource URL.
	BaseURL string

	// AuthorizationServer is the OAuth authorization server URL.
	// Defaults to GitHub's OAuth server if not specified.
	AuthorizationServer string

	// ResourcePath is the externally visible base path for the MCP server (e.g., "/mcp").
	// This is used to restore the original path when a proxy strips a base path before forwarding.
	// If empty, requests are treated as already using the external path.
	ResourcePath string
}

Config holds the OAuth configuration for the MCP server.

Source Files ¶

View all Source files

oauth.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL