Documentation
Overview
Package remote provides authentication handling for remote MCP servers.
This package implements OAuth/OIDC-based authentication with automatic discovery support for remote MCP servers. It handles:
- OAuth issuer discovery (RFC 8414)
- Protected resource metadata (RFC 9728)
- OAuth flow execution (PKCE-based)
- Token source creation for HTTP transports
The main entry point is Handler.Authenticate(), which takes a remote URL and performs all necessary discovery and authentication steps.
Configuration is defined in pkg/runner.RemoteAuthConfig as part of the runner's RunConfig structure.
Constants
const DefaultCallbackPort = 8666
DefaultCallbackPort is the default port for the OAuth callback server.
Functions
func DefaultResourceIndicator
DefaultResourceIndicator derives the resource indicator (RFC 8707) from the remote server URL. This function should only be called when the user has not explicitly provided a resource indicator. If the resource indicator cannot be derived, it returns an empty string.
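One way to derive a resource indicator from a remote URL within RFC 8707's constraints (absolute URI, no fragment), as an added example that is not the package's own DefaultResourceIndicator. The helper name `deriveResourceIndicator`, the normalization rules it applies and the sample URLs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// deriveResourceIndicator is a hypothetical helper, not the package's API.
// Assumed rules: http(s) only; scheme and host lowercased; userinfo, query
// and fragment dropped; a bare "/" path dropped. RFC 8707 requires an
// absolute URI without a fragment and discourages a query component.
// It returns "" when no indicator can be derived.
func deriveResourceIndicator(remoteURL string) string {
	u, err := url.Parse(strings.TrimSpace(remoteURL))
	if err != nil || u.Host == "" || u.Opaque != "" {
		return "" // not an absolute hierarchical URI
	}
	scheme := strings.ToLower(u.Scheme)
	if scheme != "https" && scheme != "http" {
		return ""
	}
	// Rebuild the URL from the parts we keep, so credentials, query
	// strings and fragments never reach the "resource" parameter.
	out := url.URL{Scheme: scheme, Host: strings.ToLower(u.Host), Path: u.Path}
	if out.Path == "/" {
		out.Path = ""
	}
	return out.String()
}

func main() {
	// Constructed sample inputs.
	samples := []string{
		"HTTPS://MCP.Example.COM/mcp#frag",
		"https://user:pw@mcp.example.com/",
		"https://mcp.example.com:8443/v1/mcp?x=1",
		"mcp.example.com/mcp", // no scheme: cannot be derived
		"ftp://mcp.example.com/x",
	}
	for _, in := range samples {
		fmt.Printf("%q -> %q\n", in, deriveResourceIndicator(in))
	}
}
```

An empty result means the caller should omit the `resource` parameter instead of sending a malformed value.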
Types
type Config
type Config struct {
	ClientID         string        `json:"client_id,omitempty" yaml:"client_id,omitempty"`
	ClientSecret     string        `json:"client_secret,omitempty" yaml:"client_secret,omitempty"`
	ClientSecretFile string        `json:"client_secret_file,omitempty" yaml:"client_secret_file,omitempty"`
	Scopes           []string      `json:"scopes,omitempty" yaml:"scopes,omitempty"`
	SkipBrowser      bool          `json:"skip_browser,omitempty" yaml:"skip_browser,omitempty"`
	Timeout          time.Duration `json:"timeout,omitempty" yaml:"timeout,omitempty" swaggertype:"string" example:"5m"`
	CallbackPort     int           `json:"callback_port,omitempty" yaml:"callback_port,omitempty"`
	UsePKCE          bool          `json:"use_pkce" yaml:"use_pkce"`
	// Resource is the OAuth 2.0 resource indicator (RFC 8707).
	Resource string `json:"resource,omitempty" yaml:"resource,omitempty"`
	// OAuth endpoint configuration (from registry)
	Issuer       string `json:"issuer,omitempty" yaml:"issuer,omitempty"`
	AuthorizeURL string `json:"authorize_url,omitempty" yaml:"authorize_url,omitempty"`
	TokenURL     string `json:"token_url,omitempty" yaml:"token_url,omitempty"`
	// Headers for HTTP requests
	Headers []*registry.Header `json:"headers,omitempty" yaml:"headers,omitempty"`
	// Environment variables for the client
	EnvVars []*registry.EnvVar `json:"env_vars,omitempty" yaml:"env_vars,omitempty"`
	// OAuth parameters for server-specific customization
	OAuthParams map[string]string `json:"oauth_params,omitempty" yaml:"oauth_params,omitempty"`
}
Config holds authentication configuration for remote MCP servers. Supports OAuth/OIDC-based authentication with automatic discovery.
func (*Config) UnmarshalJSON
UnmarshalJSON implements custom JSON unmarshaling for backward compatibility. It handles both the old PascalCase format and the new snake_case format.
type Handler
type Handler struct {
	// contains filtered or unexported fields
}
Handler handles authentication for remote MCP servers. Supports OAuth/OIDC-based authentication with automatic discovery.
func NewHandler
NewHandler creates a new remote authentication handler.
func (*Handler) Authenticate
Authenticate is the main entry point for remote MCP server authentication.