mirror of
https://github.com/wso2/open-mcp-auth-proxy.git
synced 2025-06-28 01:23:30 +00:00
Update the README.md file
This commit is contained in:
NipuniBhagya
parent
7d64cc4093
commit
d3909a98de
1 changed files with 11 additions and 12 deletions
23
README.md
23
README.md
|
|
@ -20,7 +20,7 @@ A lightweight authorization proxy for Model Context Protocol (MCP) servers that
|
||||||
|
|
||||||
## 🚀 Features
|
## 🚀 Features
|
||||||
|
|
||||||
- **Dynamic Authorization** based on MCP Authorization Specification (v1 and v2).
|
- **Dynamic Authorization** based on MCP Authorization Specification.
|
||||||
- **JWT Validation** (signature, audience, and scopes).
|
- **JWT Validation** (signature, audience, and scopes).
|
||||||
- **Identity Provider Integration** (OAuth/OIDC via Asgardeo, Auth0, Keycloak).
|
- **Identity Provider Integration** (OAuth/OIDC via Asgardeo, Auth0, Keycloak).
|
||||||
- **Protocol Version Negotiation** via `MCP-Protocol-Version` header.
|
- **Protocol Version Negotiation** via `MCP-Protocol-Version` header.
|
||||||
|
|
@ -29,10 +29,10 @@ A lightweight authorization proxy for Model Context Protocol (MCP) servers that
|
||||||
|
|
||||||
## 📌 MCP Specification Verions
|
## 📌 MCP Specification Verions
|
||||||
|
|
||||||
| Version | Date | Behavior |
|
| Version | Behavior |
|
||||||
| :------ | :-------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
| :-------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||||
| **v1** | *before* 2025-03-26 | Only signature check of Bearer JWT on both `/sse` and `/message`<br> No scope or audience enforcement |
|
| 2025-03-26 | Only signature check of Bearer JWT on both `/sse` and `/message`<br> No scope or audience enforcement |
|
||||||
| **v2** | *on/after* 2025-03-26 | Read `MCP-Protocol-Version` from client header<br> SSE handshake returns `WWW-Authenticate: Bearer resource_metadata="…"`<br> `/message` enforces:<br> 1. `aud` claim == `ResourceIdentifier`<br> 2. `scope` claim contains per-path `requiredScope`<br> 3. PolicyEngine decision<br> Rich `WWW-Authenticate` on 401s<br> Serves `/.well-known/oauth-protected-resource` JSON |
|
| Latest(draft) | Read `MCP-Protocol-Version` from client header<br> SSE handshake returns `WWW-Authenticate: Bearer resource_metadata="…"`<br> `/message` enforces:<br> 1. `aud` claim == `ResourceIdentifier`<br> 2. `scope` claim contains per-path `requiredScope`<br> 3. PolicyEngine decision<br> Rich `WWW-Authenticate` on 401s<br> Serves `/.well-known/oauth-protected-resource` JSON |
|
||||||
|
|
||||||
> ⚠️ **Note:** MCP v2 support is available **only in SSE mode**. The stdio mode supports only v1.
|
> ⚠️ **Note:** MCP v2 support is available **only in SSE mode**. The stdio mode supports only v1.
|
||||||
|
|
||||||
|
|
@ -106,7 +106,6 @@ asgardeo:
|
||||||
client_id: "<client_id>" # Client ID of the M2M app
|
client_id: "<client_id>" # Client ID of the M2M app
|
||||||
client_secret: "<client_secret>" # Client secret of the M2M app
|
client_secret: "<client_secret>" # Client secret of the M2M app
|
||||||
|
|
||||||
# Only required if you are using the latest version of the MCP specification
|
|
||||||
resource_identifier: "http://localhost:8080" # URL of the MCP proxy server
|
resource_identifier: "http://localhost:8080" # URL of the MCP proxy server
|
||||||
authorization_servers:
|
authorization_servers:
|
||||||
- "https://example.idp.com" # Base URL of the identity provider
|
- "https://example.idp.com" # Base URL of the identity provider
|
||||||
|
|
@ -245,14 +244,14 @@ asgardeo:
|
||||||
org_name: "<org_name>"
|
org_name: "<org_name>"
|
||||||
client_id: "<client_id>"
|
client_id: "<client_id>"
|
||||||
client_secret: "<client_secret>"
|
client_secret: "<client_secret>"
|
||||||
# Required according to the latest MCP specification
|
|
||||||
resource_identifier: "http://localhost:8080"
|
resource_identifier: "http://localhost:8080"
|
||||||
scopes_supported:
|
scopes_supported: # Define the required scopes for the MCP server
|
||||||
"/get-alerts": "mcp_proxy"
|
"tools": "read:tools"
|
||||||
"/get-forecast": "mcp_proxy"
|
"resources": "read:resources"
|
||||||
|
audience: "<audience_value>"
|
||||||
authorization_servers:
|
authorization_servers:
|
||||||
- "https://dev-3l9-ppfg.us.auth0.com"
|
- "https://api.asgardeo.io/t/acme"
|
||||||
jwks_uri: "https://dev-3l9-ppfg.us.auth0.com/.well-known/jwks.json"
|
jwks_uri: "https://api.asgardeo.io/t/acme/oauth2/jwks"
|
||||||
bearer_methods_supported:
|
bearer_methods_supported:
|
||||||
- header
|
- header
|
||||||
- body
|
- body
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue