Update scope validation implementation

2025-07-03 03:15:07 +00:00 · 2025-05-21 10:00:01 +05:30 · 2025-05-21 10:00:01 +05:30 · 64caaa0f7c
commit 64caaa0f7c
parent 5c22f36ddc
7 changed files with 202 additions and 138 deletions
--- a/cmd/proxy/main.go
+++ b/cmd/proxy/main.go
@ -11,7 +11,6 @@ import (

 	"github.com/wso2/open-mcp-auth-proxy/internal/authz"
 	"github.com/wso2/open-mcp-auth-proxy/internal/config"
-	"github.com/wso2/open-mcp-auth-proxy/internal/constants"
 	"github.com/wso2/open-mcp-auth-proxy/internal/logging"
 	"github.com/wso2/open-mcp-auth-proxy/internal/proxy"
 	"github.com/wso2/open-mcp-auth-proxy/internal/subprocess"
@ -68,23 +67,7 @@ func main() {
 	}

 	// 3. Create the chosen provider
-	var provider authz.Provider
-	if *demoMode {
-		cfg.Mode = "demo"
-		cfg.AuthServerBaseURL = constants.ASGARDEO_BASE_URL + cfg.Demo.OrgName + "/oauth2"
-		cfg.JWKSURL = constants.ASGARDEO_BASE_URL + cfg.Demo.OrgName + "/oauth2/jwks"
-		provider = authz.NewAsgardeoProvider(cfg)
-	} else if *asgardeoMode {
-		cfg.Mode = "asgardeo"
-		cfg.AuthServerBaseURL = constants.ASGARDEO_BASE_URL + cfg.Asgardeo.OrgName + "/oauth2"
-		cfg.JWKSURL = constants.ASGARDEO_BASE_URL + cfg.Asgardeo.OrgName + "/oauth2/jwks"
-		provider = authz.NewAsgardeoProvider(cfg)
-	} else {
-		cfg.Mode = "default"
-		cfg.JWKSURL = cfg.Default.JWKSURL
-		cfg.AuthServerBaseURL = cfg.Default.BaseURL
-		provider = authz.NewDefaultProvider(cfg)
-	}
+	var provider authz.Provider = MakeProvider(cfg, *demoMode, *asgardeoMode)

 	// 4. (Optional) Fetch JWKS if you want local JWT validation
 	if err := util.FetchJWKS(cfg.JWKSURL); err != nil {
--- a/cmd/proxy/provider.go
+++ b/cmd/proxy/provider.go
@ -0,0 +1,45 @@
+package main
+
+import (
+	"github.com/wso2/open-mcp-auth-proxy/internal/authz"
+	"github.com/wso2/open-mcp-auth-proxy/internal/config"
+	"github.com/wso2/open-mcp-auth-proxy/internal/constants"
+)
+
+func MakeProvider(cfg *config.Config, demoMode, asgardeoMode bool) authz.Provider {
+    var mode, orgName string
+    switch {
+    case demoMode:
+        mode = "demo"
+        orgName = cfg.Demo.OrgName
+    case asgardeoMode:
+        mode = "asgardeo"
+        orgName = cfg.Asgardeo.OrgName
+    default:
+        mode = "default"
+    }
+    cfg.Mode = mode
+
+    switch mode {
+    case "demo", "asgardeo":
+        if len(cfg.AuthorizationServers) == 0 && cfg.JwksURI == "" {
+            base := constants.ASGARDEO_BASE_URL + orgName + "/oauth2"
+            cfg.AuthServerBaseURL = base
+            cfg.JWKSURL = base + "/jwks"
+        } else {
+            cfg.AuthServerBaseURL = cfg.AuthorizationServers[0]
+            cfg.JWKSURL = cfg.JwksURI
+        }
+        return authz.NewAsgardeoProvider(cfg)
+
+    default:
+        if cfg.Default.BaseURL != "" && cfg.Default.JWKSURL != "" {
+            cfg.AuthServerBaseURL = cfg.Default.BaseURL
+            cfg.JWKSURL = cfg.Default.JWKSURL
+        } else if len(cfg.AuthorizationServers) > 0 {
+            cfg.AuthServerBaseURL = cfg.AuthorizationServers[0]
+            cfg.JWKSURL = cfg.JwksURI
+        }
+        return authz.NewDefaultProvider(cfg)
+    }
+}