Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func BuildAuthHeader
func BuildAuthHeader(p AuthParams) (key string, value string, ok bool, err error)
BuildAuthHeader builds a bearer-first (by mode) auth header when reuse is enabled and the target origin is allowed. It returns the header key and value when applied, otherwise ok=false.
func MinTokenTTL
MinTokenTTL returns a conservative minTTL for early refresh.
func WithBearerFirstRetry
func WithBearerFirstRetry(p AuthParams, attempt AttemptFunc) (statusCode int, err error)
WithBearerFirstRetry performs a bearer-first attempt using BuildAuthHeader, and on 401/419 invalidates the access token, obtains a fresh one via the resolver, and retries once.
Types
type AttemptFunc
AttemptFunc executes a single HTTP attempt with the provided auth header key/value. It should return the HTTP status code and any error encountered making the request.
type AuthParams
type AuthParams struct {
	// Resolution inputs
	Ctx        context.Context
	ReuseInput shared.ReuseAuthorizerResolutionInput
	ModeInput  shared.ReuseModeResolutionInput

	// Target and policy
	TargetOrigin string
	Allowlist    []string
	AppAuthority authority.AuthAuthority
	MCPAuthority authority.AuthAuthority

	// Token resolution
	TokenKey tokens.Key
	Resolver *resolver.Resolver

	// Observability
	Tracer  obs.Tracer
	Metrics obs.Metrics

	// Security hardening
	AudienceAllowlist []string // if set, TokenKey.Audience must be in this list
	AllowInsecure     bool     // default false; if false, do not send Authorization to non-HTTPS origins
}
AuthParams encapsulates inputs required to build an auth header for MCP requests.
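The origin, HTTPS and audience checks and the single retry on 401/419 documented above, as an added stand-alone sketch that is not this package's code. The names `gate`, `allow`, `retryOnce` and the token callback are hypothetical; exact-match origin comparison and returning status 0 for a blocked origin are assumptions.

```go
package main

import (
	"fmt"
	"net/url"
	"slices"
)

// gate is a hypothetical stand-in for the policy fields of AuthParams.
type gate struct {
	TargetOrigin, Audience       string
	Allowlist, AudienceAllowlist []string
	AllowInsecure                bool
}

// allow reports whether a bearer token may be sent to g.TargetOrigin.
func (g gate) allow() (bool, error) {
	u, err := url.Parse(g.TargetOrigin)
	if err != nil || u.Host == "" {
		return false, fmt.Errorf("bad target origin %q", g.TargetOrigin)
	}
	if u.Scheme != "https" && !g.AllowInsecure {
		return false, nil // default: no token over cleartext
	}
	if !slices.Contains(g.Allowlist, u.Scheme+"://"+u.Host) { // assumed: exact match
		return false, nil
	}
	return len(g.AudienceAllowlist) == 0 || slices.Contains(g.AudienceAllowlist, g.Audience), nil
}

// retryOnce makes a bearer-first attempt; on 401/419 it requests a fresh
// token (fresh=true) and retries exactly once.
func retryOnce(g gate, token func(fresh bool) string, attempt func(k, v string) (int, error)) (int, error) {
	if ok, err := g.allow(); err != nil || !ok {
		return 0, err // assumed: 0 tells the caller no header was sent
	}
	code, err := attempt("Authorization", "Bearer "+token(false))
	if err == nil && (code == 401 || code == 419) {
		code, err = attempt("Authorization", "Bearer "+token(true))
	}
	return code, err
}

func main() {
	g := gate{TargetOrigin: "https://mcp.example.test", Allowlist: []string{"https://mcp.example.test"}}
	codes := []int{401, 200} // constructed responses: stale token, then success
	code, err := retryOnce(g, func(bool) string { return "constructed-token" },
		func(k, v string) (int, error) { c := codes[0]; codes = codes[1:]; return c, nil })
	fmt.Println(code, err) // 200 <nil>
}
```

Because the policy check runs before any token is requested, a blocked origin never triggers token resolution or a network attempt.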