Documentation
Overview
Package factory provides factory functions for creating vMCP authentication components.
Functions
func NewIncomingAuthMiddleware
func NewIncomingAuthMiddleware(
	ctx context.Context,
	cfg *config.IncomingAuthConfig,
) (func(http.Handler) http.Handler, http.Handler, error)
NewIncomingAuthMiddleware creates HTTP middleware for incoming authentication based on the vMCP configuration.
This factory handles all incoming auth types:
- "oidc": OIDC token validation
- "local": Local OS user authentication
- "anonymous": Anonymous user (no authentication required)
All middleware types now directly create and inject Identity into the context, eliminating the need for a separate conversion layer.
Returns:
- Authentication middleware function
- AuthInfo handler (for /.well-known/oauth-protected-resource endpoint, may be nil)
- Error if middleware creation fails
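One way to consume the three return values, as an added example that is not the package's own code: `stubFactory` is a hypothetical stand-in with the same return shape, and `BuildServer`, `Status` and the token value are assumptions. It fails closed on a factory error, mounts the AuthInfo handler only when it is non-nil, and leaves that handler outside the authentication middleware so a client can read the metadata before it holds a token.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// stubFactory is a hypothetical stand-in with NewIncomingAuthMiddleware's return shape.
func stubFactory(authType string) (func(http.Handler) http.Handler, http.Handler, error) {
	if authType == "anonymous" {
		return func(next http.Handler) http.Handler { return next }, nil, nil // nil AuthInfo
	} else if authType != "oidc" {
		return nil, nil, fmt.Errorf("unsupported incoming auth type %q", authType)
	}
	mw := func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			if r.Header.Get("Authorization") != "Bearer constructed-token" { // placeholder check
				http.Error(w, "unauthorized", http.StatusUnauthorized)
				return
			}
			next.ServeHTTP(w, r)
		})
	}
	return mw, http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "{}") }), nil
}

// BuildServer fails closed on error and mounts AuthInfo, when non-nil, outside the middleware.
func BuildServer(authType string, backend http.Handler) (http.Handler, error) {
	mw, authInfo, err := stubFactory(authType)
	if err != nil {
		return nil, fmt.Errorf("refusing to serve without auth: %w", err)
	}
	mux := http.NewServeMux()
	if authInfo != nil { // ServeMux.Handle panics on a nil handler
		mux.Handle("/.well-known/oauth-protected-resource", authInfo)
	}
	mux.Handle("/", mw(backend))
	return mux, nil
}

// Status sends one GET through h and returns the response code.
func Status(h http.Handler, path, authz string) int {
	rec, req := httptest.NewRecorder(), httptest.NewRequest(http.MethodGet, path, nil)
	req.Header.Set("Authorization", authz)
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() { fmt.Println(BuildServer("bogus", nil)) }
```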
func NewOutgoingAuthRegistry
func NewOutgoingAuthRegistry(
	_ context.Context,
	envReader env.Reader,
) (auth.OutgoingAuthRegistry, error)
NewOutgoingAuthRegistry creates an OutgoingAuthRegistry with all available strategies.
All strategies are registered upfront since they're cheap and mostly stateless (except token_exchange which has internal caching). This simplifies the factory and eliminates the need for on-demand strategy registration based on configuration.
Registered Strategies:
- "unauthenticated": Default fallback for backends without auth
- "header_injection": Custom HTTP header injection
- "token_exchange": RFC 8693 OAuth 2.0 token exchange
Parameters:
- ctx: Context for any initialization that requires it
- envReader: Environment variable reader for dependency injection
Returns:
- auth.OutgoingAuthRegistry: Registry with all strategies registered
- error: Any error during strategy initialization or registration