Documentation
¶
Index ¶
- func AuthMiddleware(requireAuth bool) func(http.Handler) http.Handler
- func MCPAuthGateway(resourceMetadataURL string) func(http.Handler) http.Handler
- func OptionalAuth() func(http.Handler) http.Handler
- func RequireAuth() func(http.Handler) http.Handler
- func RequireAuthWithOAuth(resourceMetadataURL string) func(http.Handler) http.Handler
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AuthMiddleware ¶
AuthMiddleware extracts authentication tokens from HTTP headers and adds them to the request context. This middleware should be applied to SSE handlers to enable HTTP-level authentication.
func MCPAuthGateway ¶ added in v0.13.2
MCPAuthGateway creates HTTP middleware that gates access for MCP endpoints.
When no credentials (Bearer token or API key) are present, it returns HTTP 401 with a WWW-Authenticate header that triggers the OAuth discovery flow in MCP clients (Claude.ai, Claude Desktop).
Per the MCP authorization spec and RFC 9728, the header includes:
WWW-Authenticate: Bearer resource_metadata="<url>"
The resourceMetadataURL should point to the server's /.well-known/oauth-protected-resource endpoint.
This middleware does NOT validate tokens — it only checks for their presence. Actual token validation happens in the MCP protocol middleware chain.
func OptionalAuth ¶
OptionalAuth returns middleware that allows anonymous requests.
func RequireAuth ¶
RequireAuth returns middleware that requires authentication.
func RequireAuthWithOAuth ¶ added in v0.13.2
RequireAuthWithOAuth returns middleware that requires authentication and includes the WWW-Authenticate header with resource metadata URL in 401 responses, enabling OAuth discovery for MCP clients.
Types ¶
This section is empty.
Source Files