Introduce OIDC token verification if authorization-url is specified#172
Closed
ardaguclu wants to merge 14 commits intocontainers:mainfrom
Closed
Introduce OIDC token verification if authorization-url is specified#172ardaguclu wants to merge 14 commits intocontainers:mainfrom
ardaguclu wants to merge 14 commits intocontainers:mainfrom
Conversation
When this flag is enabled, authorization middleware will be turned on. When this flag is enabled, Derived which is generated based on the client token will not be used.
This commit adds authorization middleware. Additionally, this commit rejects the requests if the bearer token is absent in Authorization header of the request.
Per Model Context Protocol specification, MCP Servers must check the audience field of the token to ensure that they are generated specifically for them. This commits parses the JWT token and asserts that audience is correct and token is not expired.
This commit sends online token verification by sending request to TokenReview endpoint of API Server with the token and expected audience. If API Server returns the status as authenticated, that means this token can be used to generate a new ad hoc token for MCP Server. If API Server returns the status as not authenticated, that means this token is invalid and MCP Server returns 401 to force the client to initiate OAuth flow.
Member
Author
|
This one has became obsolete. I'll open a new one. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is continuation of #170 that provides foundational work. Currently many changes in this PR is coming from there. Basically last 3 commits belong to this PR.
Sending TokenReview request to API Server works with an assumption that this token will be used in the same cluster that MCP Server is running on. This is valid for most of cases where MCP Server and users are on the same cluster.
However, multi-tenant environments where token can belong to another API server other than the MCP Server is running on needs different approach. Because host name difference causes the failure of TokenReview request, as the token is issued for another cluster.
In order to mitigate the issue (not fully fixing, because we still use the MCP Server's host name) this PR proposes if the authorization url is specified in MCP Server, the token passed in Authorization header can/should be verified against the given OIDC Provider instead of sending TokenReview request to API Server.