feat(mcp): add OAuth 2.1 authorization with per-tool scope extraction #2636
Merged
51 commits
f80275a feat(mcp): add OAuth 2.1 authorization with per-tool scope extraction… (asoorm)
4bda41a fix(mcp): address code review findings for OAuth auth middleware (asoorm)
e966e52 fix(mcp): validate redirect_uri and remove scaffold test code (asoorm)
1b9a10c refactor(mcp): simplify OAuth auth middleware and address review find… (asoorm)
3877456 fix(mcp): align go.mod dependencies with main branch (asoorm)
df167f7 fix(mcp): cap scope combinations to prevent unbounded growth (asoorm)
8f2b53d fix(mcp): add language tags to code blocks (asoorm)
3559108 fix(mcp): inject request headers into context for tool handlers (asoorm)
c9f3cce fix(mcp): surface auth errors from Connect for OAuth discovery flow (asoorm)
290ff87 fix: run go mod tidy for router (asoorm)
325cc4b fix: run go mod tidy for router-tests (asoorm)
39fc0bb feat(mcp): make max scope combinations configurable (asoorm)
18a5dd7 fix: gofmt router-tests files (asoorm)
c8200f1 fix: update config golden fixtures for max_scope_combinations (asoorm)
2307f80 fix(mcp): wire stateless mode to new SDK and fix integration tests (asoorm)
94ce881 test(mcp): assert 415 for non-standard Content-Type params after SDK … (asoorm)
76d3aea fix(mcp): disable SDK cross-origin protection in favor of router CORS… (asoorm)
a9df0f7 test(mcp): expand OAuth scope E2E tests and add debug tooling (asoorm)
41a1448 test(mcp): add MCP OAuth E2E test project files (asoorm)
0b394fa fix: update debug proxy description to be client-agnostic (asoorm)
412360c Merge branch 'main' into ahmet/mcp-per-tool-scope-extraction (asoorm)
14b3c81 Merge branch 'main' into ahmet/mcp-per-tool-scope-extraction (asoorm)
8b2cad3 chore: license mcp-ts as Apache-2.0 (asoorm)
61a5994 test(mcp): make expected operation info readable with raw strings (asoorm)
ef3bbc4 test(router): adapt containers/image WWW-Authenticate parser (asoorm)
e8491ce test(mcp): move OAuth e2e tests into protocol/ so CI picks them up (asoorm)
e41a605 test(mcp): fix OAuth per-tool scope enforcement tests (asoorm)
5702537 test(mcp): drop per-route list from OAuthTestServer doc comment (asoorm)
4514d1f refactor(mcp): make MaxScopeCombinations default explicit (asoorm)
bd6f1a1 refactor(mcp): port debug proxy from TypeScript to Go (asoorm)
4a15138 docs(mcp): move OAuth sample config alongside other router examples (asoorm)
b48c627 Merge branch 'main' into ahmet/mcp-per-tool-scope-extraction (asoorm)
0ad51ed Update router/pkg/mcpserver/auth_middleware.go (asoorm)
5a7645f Update router/pkg/mcpserver/auth_middleware.go (asoorm)
4f3dbfa Merge branch 'main' into ahmet/mcp-per-tool-scope-extraction (asoorm)
c07310b Update router/pkg/mcpserver/auth_middleware.go (asoorm)
498d081 Merge branch 'main' into ahmet/mcp-per-tool-scope-extraction (asoorm)
f51c5de Update router-tests/testutil/oauth_server.go (asoorm)
66d2c78 test(router): rename mcp_auth_e2e_test.go to mcp_auth_client_test.go … (asoorm)
5b70af8 test(router): use httptest.NewServer in OAuthTestServer to avoid free… (asoorm)
2279b1f refactor(router): extract MCP server bootstrap into startMCPServer me… (asoorm)
5b75c37 fix(router): avoid leaking wrapped auth error details in WWW-Authenti… (asoorm)
b42ee9e refactor(router): unexport scope challenge helpers used only in-package (asoorm)
ed8b064 test(router): use portless example URL in mcp auth test constants (asoorm)
08d41cd fix(router): propagate walker errors from scope extraction to fail cl… (asoorm)
9e1b533 test(router): document cross-product edge cases for empty OR and AND … (asoorm)
732b5d1 refactor(router): derive mcp server context from caller, drop unused … (asoorm)
7dd0a38 fix(router): guard validation error causes access against empty slice (asoorm)
1cf4c29 refactor(router): use raw string literal for operation info error (asoorm)
387979b refactor(router): rename mcp oauth tests to ACE sentence pattern (asoorm)
99839a8 refactor(router): rename mcp unit tests to ACE sentence pattern (asoorm)
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| { | ||
| "name": "mcp-ts", | ||
| "version": "1.0.0", | ||
| "description": "MCP OAuth scope enforcement E2E tests using the official MCP TypeScript SDK", | ||
| "type": "module", | ||
| "scripts": { | ||
| "test": "vitest run", | ||
| "test:watch": "vitest watch" | ||
| }, | ||
| "keywords": [], | ||
| "author": "", | ||
| "license": "Apache-2.0", | ||
| "packageManager": "pnpm@9.12.3", | ||
| "devDependencies": { | ||
| "@modelcontextprotocol/sdk": "^1.29.0", | ||
| "@types/node": "^22.19.15", | ||
| "typescript": "^5.9.3", | ||
| "vitest": "^3.2.4" | ||
| } | ||
| } |
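Review bot: The manifest has no `"private": true` field, so this test-only `mcp-ts` package could be pushed to the npm registry by an accidental publish; add `"private": true` next to `"name"`. The `devDependencies` are all caret ranges (for example `"@modelcontextprotocol/sdk": "^1.29.0"`), so the OAuth scope E2E results depend on whatever versions resolve at install time; commit the `pnpm-lock.yaml` with this file and have CI run `pnpm install --frozen-lockfile` so the SDK under test is the one that was reviewed.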