feat(auth): .well-known endpoints delegated to auth server #246

manusa · 2025-08-07T07:15:50Z

Signed-off-by: Marc Nuri <marc@marcnuri.com>

ardaguclu · 2025-08-07T07:36:13Z

pkg/http/authorization.go

@@ -32,9 +33,6 @@ func AuthorizationMiddleware(requireOAuth bool, serverURL string, oidcProvider *
 			}

 			audience := Audience
-			if serverURL != "" {


Removal of this makes sense for demo purposes. But in the future, we need to have server url specific audience, otherwise, any user can generate a token for mcp-server audience and sends here.

Was thinking of providing the audience via config flag (considering our internal document for the Keycloak integration)

Getting audience via flag is a good idea.

feat(auth): .well-known endpoints delegated to auth server

5057425

Signed-off-by: Marc Nuri <marc@marcnuri.com>

manusa force-pushed the feat/well-known branch from f697d5a to 5057425 Compare August 7, 2025 07:31

ardaguclu reviewed Aug 7, 2025

View reviewed changes

manusa merged commit 9ec5c82 into containers:main Aug 7, 2025
6 checks passed

manusa deleted the feat/well-known branch August 7, 2025 07:49

manusa added this to the 0.1.0 milestone Aug 7, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat(auth): .well-known endpoints delegated to auth server #246

feat(auth): .well-known endpoints delegated to auth server #246

Uh oh!

manusa commented Aug 7, 2025

Uh oh!

ardaguclu Aug 7, 2025

Uh oh!

manusa Aug 7, 2025

Uh oh!

ardaguclu Aug 7, 2025

Uh oh!

Uh oh!

Uh oh!

feat(auth): .well-known endpoints delegated to auth server #246

feat(auth): .well-known endpoints delegated to auth server #246

Uh oh!

Conversation

manusa commented Aug 7, 2025

Uh oh!

ardaguclu Aug 7, 2025

Choose a reason for hiding this comment

Uh oh!

manusa Aug 7, 2025

Choose a reason for hiding this comment

Uh oh!

ardaguclu Aug 7, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!