factory

package
v0.11.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 12, 2026 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package factory provides factory functions for creating vMCP authentication components.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewIncomingAuthMiddleware 

func NewIncomingAuthMiddleware(
	ctx context.Context,
	cfg *config.IncomingAuthConfig,
) (
	authMw func(http.Handler) http.Handler,
	authzMw func(http.Handler) http.Handler,
	authInfoHandler http.Handler,
	err error,
)

NewIncomingAuthMiddleware creates HTTP middleware for incoming authentication and authorization based on the vMCP configuration.

This factory handles all incoming auth types:

  • "oidc": OIDC token validation
  • "local": Local OS user authentication
  • "anonymous": Anonymous user (no authentication required)

Authentication and authorization are returned as separate middleware to allow the caller to insert discovery and annotation-enrichment middleware between them. This ensures the authz middleware can access tool annotations populated by the discovery pipeline.

All middleware types now directly create and inject Identity into the context, eliminating the need for a separate conversion layer.

Returns:

  • authMw: Composed auth + MCP parser middleware (auth runs first, then parser)
  • authzMw: Authorization middleware (nil if authz is not configured)
  • authInfoHandler: Handler for /.well-known/oauth-protected-resource endpoint (may be nil)
  • err: Error if middleware creation fails

func NewOutgoingAuthRegistry 

func NewOutgoingAuthRegistry(
	_ context.Context,
	envReader env.Reader,
) (auth.OutgoingAuthRegistry, error)

NewOutgoingAuthRegistry creates an OutgoingAuthRegistry with all available strategies.

All strategies are registered upfront since they're cheap and mostly stateless (except token_exchange which has internal caching). This simplifies the factory and eliminates the need for on-demand strategy registration based on configuration.

Registered Strategies:

  • "unauthenticated": Default fallback for backends without auth
  • "header_injection": Custom HTTP header injection
  • "token_exchange": RFC-8693 OAuth 2.0 token exchange

Parameters:

  • ctx: Context for any initialization that requires it
  • envReader: Environment variable reader for dependency injection

Returns:

  • auth.OutgoingAuthRegistry: Registry with all strategies registered
  • error: Any error during strategy initialization or registration

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.