adjust configuration to kvant

This commit is contained in:
Angel Nunez Mencias 2025-05-19 10:25:27 +02:00
parent ad5185ad72
commit e0beca18cf
Signed by: angel.nunez
SSH key fingerprint: SHA256:z1nFAg1v1AfbhEHrgBetByUJUwziv2R2f4VyN75opcg
4 changed files with 153 additions and 19 deletions

71
.github/workflows/ci.yaml vendored Normal file

@ -0,0 +1,71 @@
name: Build and Push container
run-name: Build and Push container
on:
workflow_dispatch:
#schedule:
# - cron: "0 10 * * *"
push:
branches:
- 'main'
- 'master'
tags:
- 'v*'
pull_request:
branches:
- 'main'
- 'master'
env:
IMAGE: git.kvant.cloud/${{github.repository}}
jobs:
build_concierge_backend:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set current time
uses: https://github.com/gerred/actions/current-time@master
id: current_time
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to git.kvant.cloud registry
uses: docker/login-action@v3
with:
registry: git.kvant.cloud
username: ${{ vars.ORG_PACKAGE_WRITER_USERNAME }}
password: ${{ secrets.ORG_PACKAGE_WRITER_TOKEN }}
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
# list of Docker images to use as base name for tags
images: |
${{env.IMAGE}}
# generate Docker tags based on the following events/attributes
tags: |
type=schedule
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
- name: Build and push to gitea registry
uses: docker/build-push-action@v6
with:
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
context: .
provenance: mode=max
sbom: true
build-args: |
BUILD_DATE=${{ steps.current_time.outputs.time }}
cache-from: |
type=registry,ref=${{ env.IMAGE }}:buildcache
type=registry,ref=${{ env.IMAGE }}:${{ github.ref_name }}
type=registry,ref=${{ env.IMAGE }}:main
cache-to: type=registry,ref=${{ env.IMAGE }}:buildcache,mode=max,image-manifest=true
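Review bot: The `Set current time` step resolves a third-party action at a moving branch (`uses: https://github.com/gerred/actions/current-time@master`), so every run executes whatever that repository's `master` points to at the time, with the registry credentials from the following login step already available in the job. Pin it to a full commit SHA and record the human-readable ref in a comment, e.g. `uses: https://github.com/gerred/actions/current-time@<full-commit-sha> # master as of <date>`; the `@v3`/`@v4`/`@v5`/`@v6` tags on the Docker actions are mutable too and benefit from the same treatment. The `type=schedule` tag rule and the commented-out `schedule:` trigger look like leftovers of a cron build that is no longer enabled; dropping both, or re-enabling the trigger, would keep the workflow self-consistent.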

47
Dockerfile Normal file

@ -0,0 +1,47 @@
FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.24@sha256:d9db32125db0c3a680cfb7a1afcaefb89c898a075ec148fdc2f0f646cc2ed509 AS build
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ARG TARGETOS
ARG TARGETARCH
WORKDIR /workspace
RUN apt update -qq && apt install -qq -y git bash curl g++
# Download libraries
ADD go.* .
RUN go mod download
# Build
ADD cmd cmd
ADD internal internal
RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -o webhook -ldflags '-w -extldflags "-static"' -o openmcpauthproxy ./cmd/proxy
#Test
RUN CGO_ENABLED=1 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go test -v -race ./...
# Build production container
FROM --platform=${BUILDPLATFORM:-linux/amd64} ubuntu:24.04
RUN apt-get update \
&& apt-get install --no-install-recommends -y \
python3-pip \
python-is-python3 \
npm \
&& apt-get autoremove \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /app
COPY --from=build /workspace/openmcpauthproxy /app/
ADD config.yaml /app
RUN find .
ENTRYPOINT ["/app/openmcpauthproxy"]
ARG IMAGE_SOURCE
LABEL org.opencontainers.image.source=$IMAGE_SOURCE
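Review bot: The build step passes `-o` twice (`-o webhook ... -o openmcpauthproxy`); only the last one takes effect, so `-o webhook` is dead and should be removed to avoid confusion about which binary is produced. The production stage has no `USER` directive, so the proxy and the stdio subprocesses it spawns run as root; add a non-root account before the `ENTRYPOINT`, e.g. `RUN useradd --system --no-create-home proxy` followed by `USER proxy`. `RUN find .` only dumps the directory listing into the build log and can be dropped. If `python3-pip` and `npm` are only there to run the configured stdio subprocess, a comment saying so would help, since they considerably widen the runtime image's attack surface.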


@ -12,7 +12,7 @@ import (
"github.com/wso2/open-mcp-auth-proxy/internal/authz" "github.com/wso2/open-mcp-auth-proxy/internal/authz"
"github.com/wso2/open-mcp-auth-proxy/internal/config" "github.com/wso2/open-mcp-auth-proxy/internal/config"
"github.com/wso2/open-mcp-auth-proxy/internal/constants" "github.com/wso2/open-mcp-auth-proxy/internal/constants"
"github.com/wso2/open-mcp-auth-proxy/internal/logging" logger "github.com/wso2/open-mcp-auth-proxy/internal/logging"
"github.com/wso2/open-mcp-auth-proxy/internal/proxy" "github.com/wso2/open-mcp-auth-proxy/internal/proxy"
"github.com/wso2/open-mcp-auth-proxy/internal/subprocess" "github.com/wso2/open-mcp-auth-proxy/internal/subprocess"
"github.com/wso2/open-mcp-auth-proxy/internal/util" "github.com/wso2/open-mcp-auth-proxy/internal/util"
@ -58,7 +58,7 @@ func main() {
logger.Warn("%v", err) logger.Warn("%v", err)
logger.Warn("Subprocess may fail to start due to missing dependencies") logger.Warn("Subprocess may fail to start due to missing dependencies")
} }
procManager = subprocess.NewManager() procManager = subprocess.NewManager()
if err := procManager.Start(cfg); err != nil { if err := procManager.Start(cfg); err != nil {
logger.Warn("Failed to start subprocess: %v", err) logger.Warn("Failed to start subprocess: %v", err)
@ -95,7 +95,7 @@ func main() {
// 5. Build the main router // 5. Build the main router
mux := proxy.NewRouter(cfg, provider) mux := proxy.NewRouter(cfg, provider)
listen_address := fmt.Sprintf(":%d", cfg.ListenPort) listen_address := fmt.Sprintf("0.0.0.0:%d", cfg.ListenPort)
// 6. Start the server // 6. Start the server
srv := &http.Server{ srv := &http.Server{
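Review bot: Changing the bind address from `":%d"` to `"0.0.0.0:%d"` does not change behaviour: net.Listen documents that an empty host and a literal unspecified IP both mean "all available unicast and anycast addresses", so the listener still accepts connections on every interface. If the intent is to make the bind interface explicit for container deployments, the cleaner fix is a configurable listen host in the config file rather than a hard-coded literal, which also lets a non-container deployment restrict the proxy to loopback. As a point of style, `listen_address` is not MixedCaps; `listenAddr := fmt.Sprintf(":%d", cfg.ListenPort)` matches the rest of the Go code. main starts and ends outside this hunk.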


@ -6,13 +6,8 @@ base_url: "http://localhost:8000" # Base URL for the MCP server
port: 8000 # Port for the MCP server port: 8000 # Port for the MCP server
timeout_seconds: 10 timeout_seconds: 10
# Path configuration
paths:
sse: "/sse" # SSE endpoint path
messages: "/messages/" # Messages endpoint path
# Transport mode configuration # Transport mode configuration
transport_mode: "sse" # Options: "sse" or "stdio" transport_mode: "stdio" # Options: "sse" or "stdio"
# stdio-specific configuration (used only when transport_mode is "stdio") # stdio-specific configuration (used only when transport_mode is "stdio")
stdio: stdio:
@ -22,13 +17,10 @@ stdio:
# env: # Environment variables (optional) # env: # Environment variables (optional)
# - "NODE_ENV=development" # - "NODE_ENV=development"
# Path mapping (optional) # CORS settings
path_mapping:
# CORS configuration
cors: cors:
allowed_origins: allowed_origins:
- "http://localhost:5173" - "http://localhost:6274" # Origin of your frontend/client app
allowed_methods: allowed_methods:
- "GET" - "GET"
- "POST" - "POST"
@ -40,8 +32,32 @@ cors:
- "mcp-protocol-version" - "mcp-protocol-version"
allow_credentials: true allow_credentials: true
# Demo configuration for Asgardeo # Keycloak endpoint path mappings
demo: path_mapping:
org_name: "openmcpauthdemo" sse: "/sse" # SSE endpoint path
client_id: "N0U9e_NNGr9mP_0fPnPfPI0a6twa" messages: "/messages/" # Messages endpoint path
client_secret: "qFHfiBp5gNGAO9zV4YPnDofBzzfInatfUbHyPZvM0jka" /token: /realms/master/protocol/openid-connect/token
/register: /realms/master/clients-registrations/openid-connect
# Keycloak configuration block
default:
base_url: "https://iam.phoenix-systems.ch"
jwks_url: "https://iam.phoenix-systems.ch/realms/kvant/protocol/openid-connect/certs"
path:
/.well-known/oauth-authorization-server:
response:
issuer: "https://iam.phoenix-systems.ch/realms/kvant"
jwks_uri: "https://iam.phoenix-systems.ch/realms/kvant/protocol/openid-connect/certs"
authorization_endpoint: "https://iam.phoenix-systems.ch/realms/kvant/protocol/openid-connect/auth"
response_types_supported:
- "code"
grant_types_supported:
- "authorization_code"
- "refresh_token"
code_challenge_methods_supported:
- "S256"
- "plain"
/token:
addBodyParams:
- name: "audience"
value: "mcp_proxy"
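Review bot: The `/token` and `/register` mappings point at `/realms/master/...`, while `jwks_url`, `issuer` and `authorization_endpoint` under `default:` all live in `/realms/kvant/`; Keycloak realms have separate signing keys, so tokens minted by the master realm would presumably not verify against the kvant JWKS and the authorization code issued by the kvant realm would not be redeemable at the master token endpoint. Unless this split is deliberate, change both to `/token: /realms/kvant/protocol/openid-connect/token` and `/register: /realms/kvant/clients-registrations/openid-connect`. `code_challenge_methods_supported` advertises `"plain"` alongside `"S256"`; advertising only `- "S256"` removes the downgrade option for clients, since `plain` offers no protection against an intercepted authorization code. A one-line comment above `path_mapping:` stating which realm and client the deployment expects would make the intended pairing reviewable.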