From 03b7978b089ecfae309f6364afbe41f14e8bd5d0 Mon Sep 17 00:00:00 2001 From: Pavindu Lakshan Date: Thu, 17 Apr 2025 15:17:50 +0530 Subject: [PATCH 01/10] Improve ordering in README --- README.md | 78 +++++++++++++++++++++++-------------------------------- 1 file changed, 33 insertions(+), 45 deletions(-) diff --git a/README.md b/README.md index f13d709..8fe18d6 100644 --- a/README.md +++ b/README.md @@ -19,17 +19,26 @@ Open MCP Auth Proxy sits between MCP clients and your MCP server to: * Go 1.20 or higher * A running MCP server + +> If you don't have an MCP server, you can use the included example: +> +> 1. Navigate to the `resources` directory +> 2. Set up a Python environment: +> +> ```bash +> python3 -m venv .venv +> source .venv/bin/activate +> pip3 install -r requirements.txt +> ``` +> +> 3. Start the example server: +> +> ```bash +> python3 echo_server.py +> ``` + * An MCP client that supports MCP authorization -### Installation - -```bash -git clone https://github.com/wso2/open-mcp-auth-proxy -cd open-mcp-auth-proxy -go get github.com/golang-jwt/jwt/v4 gopkg.in/yaml.v2 -go build -o openmcpauthproxy ./cmd/proxy -``` - ### Basic Usage 1. The repository comes with a default `config.yaml` file that contains the basic configuration: @@ -50,29 +59,18 @@ paths: 3. Connect using an MCP client like [MCP Inspector](https://github.com/shashimalcse/inspector)(This is a temporary fork with fixes for authentication [issues](https://github.com/modelcontextprotocol/typescript-sdk/issues/257) in the original implementation) -## Identity Provider Integration +## Connect an Identity Provider -### Demo Mode +### Asgardeo -For quick testing, use the `--demo` flag which includes pre-configured authentication and authorization with an Asgardeo sandbox. - -```bash -./openmcpauthproxy --demo -``` - -### Asgardeo Integration - -To enable authorization through your own Asgardeo organization: +To enable authorization through your Asgardeo organization: 1. [Register](https://asgardeo.io/signup) and create an organization in Asgardeo 2. Create an [M2M application](https://wso2.com/asgardeo/docs/guides/applications/register-machine-to-machine-app/) 1. [Authorize this application](https://wso2.com/asgardeo/docs/guides/applications/register-machine-to-machine-app/#authorize-the-api-resources-for-the-app) to invoke "Application Management API" with the `internal_application_mgt_create` scope ![image](https://github.com/user-attachments/assets/0bd57cac-1904-48cc-b7aa-0530224bc41a) - 2. Update the existing `config.yaml` with your Asgardeo details: - -#### Configure the Auth Proxy - -Create a configuration file config.yaml with the following parameters: + +3. Update `config.yaml` with the following parameters. ```yaml base_url: "http://localhost:8000" # URL of your MCP server @@ -84,7 +82,7 @@ asgardeo: client_secret: "" # Client secret of the M2M app ``` -3. Start the proxy with Asgardeo integration: +4. Start the proxy with Asgardeo integration: ```bash ./openmcpauthproxy --asgardeo @@ -95,25 +93,6 @@ asgardeo: - [Auth0](docs/integrations/Auth0.md) - [Keycloak](docs/integrations/keycloak.md) -## Testing with an Example MCP Server - -If you don't have an MCP server, you can use the included example: - -1. Navigate to the `resources` directory -2. Set up a Python environment: - -```bash -python3 -m venv .venv -source .venv/bin/activate -pip3 install -r requirements.txt -``` - -3. Start the example server: - -```bash -python3 echo_server.py -``` - # Advanced Configuration ### Transport Modes @@ -228,3 +207,12 @@ asgardeo: client_id: "" client_secret: "" ``` + +### Build from source + +```bash +git clone https://github.com/wso2/open-mcp-auth-proxy +cd open-mcp-auth-proxy +go get github.com/golang-jwt/jwt/v4 gopkg.in/yaml.v2 +go build -o openmcpauthproxy ./cmd/proxy +``` From 23c282dcfc57c0eb519101e5fb9eadde34e545f4 Mon Sep 17 00:00:00 2001 From: Pavindu Lakshan Date: Fri, 18 Apr 2025 21:40:12 +0530 Subject: [PATCH 02/10] Add badges to README (#25) --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f13d709..d01be7b 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,12 @@ # Open MCP Auth Proxy -A lightweight authorization proxy for Model Context Protocol (MCP) servers that enforces authorization according to the [MCP authorization specification](https://spec.modelcontextprotocol.io/specification/2025-03-26/basic/authorization/). +A lightweight authorization proxy for Model Context Protocol (MCP) servers that enforces authorization according to the [MCP authorization specification](https://spec.modelcontextprotocol.io/specification/2025-03-26/basic/authorization/) + +[![πŸš€ Release](https://github.com/wso2/open-mcp-auth-proxy/actions/workflows/release.yml/badge.svg)](https://github.com/wso2/open-mcp-auth-proxy/actions/workflows/release.yml) +[![πŸ’¬ Stackoverflow](https://img.shields.io/badge/Ask%20for%20help%20on-Stackoverflow-orange)](https://stackoverflow.com/questions/tagged/wso2is) +[![πŸ’¬ Discord](https://img.shields.io/badge/Join%20us%20on-Discord-%23e01563.svg)](https://discord.gg/wso2) +[![🐦 Twitter](https://img.shields.io/twitter/follow/wso2.svg?style=social&label=Follow)](https://twitter.com/intent/follow?screen_name=wso2) +[![πŸ“ License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/wso2/product-is/blob/master/LICENSE) ![Architecture Diagram](https://github.com/user-attachments/assets/41cf6723-c488-4860-8640-8fec45006f92) From 5261a69f7a149f4755731754ebc538ef3348a7e5 Mon Sep 17 00:00:00 2001 From: Pavindu Lakshan Date: Fri, 18 Apr 2025 21:40:36 +0530 Subject: [PATCH 03/10] Improve ordering in README (#24) --- README.md | 78 +++++++++++++++++++++++-------------------------------- 1 file changed, 33 insertions(+), 45 deletions(-) diff --git a/README.md b/README.md index d01be7b..71b4b60 100644 --- a/README.md +++ b/README.md @@ -25,17 +25,26 @@ Open MCP Auth Proxy sits between MCP clients and your MCP server to: * Go 1.20 or higher * A running MCP server + +> If you don't have an MCP server, you can use the included example: +> +> 1. Navigate to the `resources` directory +> 2. Set up a Python environment: +> +> ```bash +> python3 -m venv .venv +> source .venv/bin/activate +> pip3 install -r requirements.txt +> ``` +> +> 3. Start the example server: +> +> ```bash +> python3 echo_server.py +> ``` + * An MCP client that supports MCP authorization -### Installation - -```bash -git clone https://github.com/wso2/open-mcp-auth-proxy -cd open-mcp-auth-proxy -go get github.com/golang-jwt/jwt/v4 gopkg.in/yaml.v2 -go build -o openmcpauthproxy ./cmd/proxy -``` - ### Basic Usage 1. The repository comes with a default `config.yaml` file that contains the basic configuration: @@ -56,29 +65,18 @@ paths: 3. Connect using an MCP client like [MCP Inspector](https://github.com/shashimalcse/inspector)(This is a temporary fork with fixes for authentication [issues](https://github.com/modelcontextprotocol/typescript-sdk/issues/257) in the original implementation) -## Identity Provider Integration +## Connect an Identity Provider -### Demo Mode +### Asgardeo -For quick testing, use the `--demo` flag which includes pre-configured authentication and authorization with an Asgardeo sandbox. - -```bash -./openmcpauthproxy --demo -``` - -### Asgardeo Integration - -To enable authorization through your own Asgardeo organization: +To enable authorization through your Asgardeo organization: 1. [Register](https://asgardeo.io/signup) and create an organization in Asgardeo 2. Create an [M2M application](https://wso2.com/asgardeo/docs/guides/applications/register-machine-to-machine-app/) 1. [Authorize this application](https://wso2.com/asgardeo/docs/guides/applications/register-machine-to-machine-app/#authorize-the-api-resources-for-the-app) to invoke "Application Management API" with the `internal_application_mgt_create` scope ![image](https://github.com/user-attachments/assets/0bd57cac-1904-48cc-b7aa-0530224bc41a) - 2. Update the existing `config.yaml` with your Asgardeo details: - -#### Configure the Auth Proxy - -Create a configuration file config.yaml with the following parameters: + +3. Update `config.yaml` with the following parameters. ```yaml base_url: "http://localhost:8000" # URL of your MCP server @@ -90,7 +88,7 @@ asgardeo: client_secret: "" # Client secret of the M2M app ``` -3. Start the proxy with Asgardeo integration: +4. Start the proxy with Asgardeo integration: ```bash ./openmcpauthproxy --asgardeo @@ -101,25 +99,6 @@ asgardeo: - [Auth0](docs/integrations/Auth0.md) - [Keycloak](docs/integrations/keycloak.md) -## Testing with an Example MCP Server - -If you don't have an MCP server, you can use the included example: - -1. Navigate to the `resources` directory -2. Set up a Python environment: - -```bash -python3 -m venv .venv -source .venv/bin/activate -pip3 install -r requirements.txt -``` - -3. Start the example server: - -```bash -python3 echo_server.py -``` - # Advanced Configuration ### Transport Modes @@ -234,3 +213,12 @@ asgardeo: client_id: "" client_secret: "" ``` + +### Build from source + +```bash +git clone https://github.com/wso2/open-mcp-auth-proxy +cd open-mcp-auth-proxy +go get github.com/golang-jwt/jwt/v4 gopkg.in/yaml.v2 +go build -o openmcpauthproxy ./cmd/proxy +``` From 9ce9509cceb1b7fcb6f3b76118ca285a7320e5a0 Mon Sep 17 00:00:00 2001 From: Pavindu Lakshan Date: Mon, 21 Apr 2025 15:29:48 +0530 Subject: [PATCH 04/10] Fix issues in makefile (#26) --- .github/scripts/release.sh | 2 +- Makefile | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/scripts/release.sh b/.github/scripts/release.sh index 35568a2..2a1f6a9 100644 --- a/.github/scripts/release.sh +++ b/.github/scripts/release.sh @@ -19,7 +19,7 @@ GIT_TOKEN=$1 WORK_DIR=$2 VERSION_TYPE=$3 # possible values: major, minor, patch - Check if GIT_TOKEN is empty +# Check if GIT_TOKEN is empty if [ -z "$GIT_TOKEN" ]; then echo "❌ Error: GIT_TOKEN is not set." exit 1 diff --git a/Makefile b/Makefile index c9ef883..b0d0926 100644 --- a/Makefile +++ b/Makefile @@ -30,19 +30,19 @@ build: clean test build-linux build-linux-arm build-darwin build-linux: mkdir -p $(BUILD_DIR)/linux - GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -x -ldflags "-X main.version=$(BUILD_VERSION) \ + GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -x -ldflags "-X main.version=$(BUILD_VERSION)" \ -o $(BUILD_DIR)/linux/openmcpauthproxy $(PROJECT_ROOT)/cmd/proxy cp config.yaml $(BUILD_DIR)/linux build-linux-arm: mkdir -p $(BUILD_DIR)/linux-arm - GOOS=linux GOARCH=arm CGO_ENABLED=0 go build -x -ldflags "-X main.version=$(BUILD_VERSION) \ + GOOS=linux GOARCH=arm CGO_ENABLED=0 go build -x -ldflags "-X main.version=$(BUILD_VERSION)" \ -o $(BUILD_DIR)/linux-arm/openmcpauthproxy $(PROJECT_ROOT)/cmd/proxy cp config.yaml $(BUILD_DIR)/linux-arm build-darwin: mkdir -p $(BUILD_DIR)/darwin - GOOS=darwin GOARCH=amd64 CGO_ENABLED=0 go build -x -ldflags "-X main.version=$(BUILD_VERSION) \ + GOOS=darwin GOARCH=amd64 CGO_ENABLED=0 go build -x -ldflags "-X main.version=$(BUILD_VERSION)" \ -o $(BUILD_DIR)/darwin/openmcpauthproxy $(PROJECT_ROOT)/cmd/proxy cp config.yaml $(BUILD_DIR)/darwin From 87a1cbe21a5af7dbe2be38b5c748c3f81e474f43 Mon Sep 17 00:00:00 2001 From: Pavindu Lakshan Date: Sat, 26 Apr 2025 20:02:45 +0530 Subject: [PATCH 05/10] Update release.yml --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e55f6b6..0c51bc7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -32,7 +32,7 @@ jobs: with: ref: 'main' fetch-depth: 0 - token: ${{ secrets.GIT_BOT_PAT }} + token: ${{ secrets.GITHUB_TOKEN }} - uses: actions/checkout@v2 - name: Set up Go 1.x @@ -60,5 +60,5 @@ jobs: - name: Update artifact version, package, commit, and create release. env: - GITHUB_TOKEN: ${{ secrets.GIT_BOT_PAT }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: bash ./.github/scripts/release.sh $GITHUB_TOKEN ${{ github.workspace }} ${{ github.event.inputs.version_type }} From 4a5cf4e1cc2c5b8ab5ee4cfa0c94080d6493530c Mon Sep 17 00:00:00 2001 From: Pavindu Lakshan Date: Sun, 27 Apr 2025 17:23:13 +0530 Subject: [PATCH 06/10] Update README.md --- README.md | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 71b4b60..6be3ece 100644 --- a/README.md +++ b/README.md @@ -47,15 +47,7 @@ Open MCP Auth Proxy sits between MCP clients and your MCP server to: ### Basic Usage -1. The repository comes with a default `config.yaml` file that contains the basic configuration: - -```yaml -listen_port: 8080 -base_url: "http://localhost:8000" # Your MCP server URL -paths: - sse: "/sse" - messages: "/messages/" -``` +1. Download the latest release from [Github releases](https://github.com/wso2/open-mcp-auth-proxy/releases/latest). 2. Start the proxy in demo mode (uses pre-configured authentication with Asgardeo sandbox): @@ -63,6 +55,16 @@ paths: ./openmcpauthproxy --demo ``` +> The repository comes with a default `config.yaml` file that contains the basic configuration: +> +> ```yaml +> listen_port: 8080 +> base_url: "http://localhost:8000" # Your MCP server URL +> paths: +> sse: "/sse" +> messages: "/messages/" +> ``` + 3. Connect using an MCP client like [MCP Inspector](https://github.com/shashimalcse/inspector)(This is a temporary fork with fixes for authentication [issues](https://github.com/modelcontextprotocol/typescript-sdk/issues/257) in the original implementation) ## Connect an Identity Provider From 0bbc20ca5a1c4f804fb901071109f4a426d8b8de Mon Sep 17 00:00:00 2001 From: Pavindu Lakshan Date: Sat, 3 May 2025 01:06:41 +0530 Subject: [PATCH 07/10] Remove unnecessary fields from PR template --- pull_request_template.md | 51 ++++------------------------------------ 1 file changed, 5 insertions(+), 46 deletions(-) diff --git a/pull_request_template.md b/pull_request_template.md index 9b32185..c401a06 100644 --- a/pull_request_template.md +++ b/pull_request_template.md @@ -1,52 +1,11 @@ ## Purpose -> Describe the problems, issues, or needs driving this feature/fix and include links to related issues in the following format: Resolves issue1, issue2, etc. + -## Goals -> Describe the solutions that this feature/fix will introduce to resolve the problems described above - -## Approach -> Describe how you are implementing the solutions. Include an animated GIF or screenshot if the change affects the UI (email documentation@wso2.com to review all UI text). Include a link to a Markdown file or Google doc if the feature write-up is too long to paste here. - -## User stories -> Summary of user stories addressed by this change> - -## Release note -> Brief description of the new feature or bug fix as it will appear in the release notes - -## Documentation -> Link(s) to product documentation that addresses the changes of this PR. If no doc impact, enter β€œN/A” plus brief explanation of why there’s no doc impact - -## Training -> Link to the PR for changes to the training content in https://github.com/wso2/WSO2-Training, if applicable - -## Certification -> Type β€œSent” when you have provided new/updated certification questions, plus four answers for each question (correct answer highlighted in bold), based on this change. Certification questions/answers should be sent to certification@wso2.com and NOT pasted in this PR. If there is no impact on certification exams, type β€œN/A” and explain why. - -## Marketing -> Link to drafts of marketing content that will describe and promote this feature, including product page changes, technical articles, blog posts, videos, etc., if applicable - -## Automation tests - - Unit tests - > Code coverage information - - Integration tests - > Details about the test cases and coverage - -## Security checks - - Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines? yes/no - - Ran FindSecurityBugs plugin and verified report? yes/no - - Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets? yes/no - -## Samples -> Provide high-level details about the samples related to this feature +## Related Issues + ## Related PRs -> List any other related PRs + ## Migrations (if applicable) -> Describe migration steps and platforms on which migration has been tested - -## Test environment -> List all JDK versions, operating systems, databases, and browser/versions on which this feature/fix was tested - -## Learning -> Describe the research phase and any blog posts, patterns, libraries, or add-ons you used to solve the problem. \ No newline at end of file + From e0beca18cf64b26234348c6ad2b3d71b96ee8703 Mon Sep 17 00:00:00 2001 From: Angel Nunez Mencias Date: Mon, 19 May 2025 10:25:27 +0200 Subject: [PATCH 08/10] adjust configuration to kvant --- .github/workflows/ci.yaml | 71 +++++++++++++++++++++++++++++++++++++++ Dockerfile | 47 ++++++++++++++++++++++++++ cmd/proxy/main.go | 6 ++-- config.yaml | 48 +++++++++++++++++--------- 4 files changed, 153 insertions(+), 19 deletions(-) create mode 100644 .github/workflows/ci.yaml create mode 100644 Dockerfile diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 0000000..775003e --- /dev/null +++ b/.github/workflows/ci.yaml @@ -0,0 +1,71 @@ +name: Build and Push container +run-name: Build and Push container +on: + workflow_dispatch: + #schedule: + # - cron: "0 10 * * *" + push: + branches: + - 'main' + - 'master' + tags: + - 'v*' + pull_request: + branches: + - 'main' + - 'master' +env: + IMAGE: git.kvant.cloud/${{github.repository}} +jobs: + build_concierge_backend: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set current time + uses: https://github.com/gerred/actions/current-time@master + id: current_time + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to git.kvant.cloud registry + uses: docker/login-action@v3 + with: + registry: git.kvant.cloud + username: ${{ vars.ORG_PACKAGE_WRITER_USERNAME }} + password: ${{ secrets.ORG_PACKAGE_WRITER_TOKEN }} + + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + # list of Docker images to use as base name for tags + images: | + ${{env.IMAGE}} + # generate Docker tags based on the following events/attributes + tags: | + type=schedule + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + + - name: Build and push to gitea registry + uses: docker/build-push-action@v6 + with: + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + context: . + provenance: mode=max + sbom: true + build-args: | + BUILD_DATE=${{ steps.current_time.outputs.time }} + cache-from: | + type=registry,ref=${{ env.IMAGE }}:buildcache + type=registry,ref=${{ env.IMAGE }}:${{ github.ref_name }} + type=registry,ref=${{ env.IMAGE }}:main + cache-to: type=registry,ref=${{ env.IMAGE }}:buildcache,mode=max,image-manifest=true diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..2f0b940 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,47 @@ +FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.24@sha256:d9db32125db0c3a680cfb7a1afcaefb89c898a075ec148fdc2f0f646cc2ed509 AS build + +ARG TARGETPLATFORM +ARG BUILDPLATFORM +ARG TARGETOS +ARG TARGETARCH + +WORKDIR /workspace + +RUN apt update -qq && apt install -qq -y git bash curl g++ + +# Download libraries +ADD go.* . +RUN go mod download + +# Build +ADD cmd cmd +ADD internal internal +RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -o webhook -ldflags '-w -extldflags "-static"' -o openmcpauthproxy ./cmd/proxy + +#Test +RUN CGO_ENABLED=1 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go test -v -race ./... + + +# Build production container +FROM --platform=${BUILDPLATFORM:-linux/amd64} ubuntu:24.04 + +RUN apt-get update \ + && apt-get install --no-install-recommends -y \ + python3-pip \ + python-is-python3 \ + npm \ + && apt-get autoremove \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +WORKDIR /app +COPY --from=build /workspace/openmcpauthproxy /app/ + +ADD config.yaml /app +RUN find . + + +ENTRYPOINT ["/app/openmcpauthproxy"] + +ARG IMAGE_SOURCE +LABEL org.opencontainers.image.source=$IMAGE_SOURCE diff --git a/cmd/proxy/main.go b/cmd/proxy/main.go index 6424f18..c43dd7d 100644 --- a/cmd/proxy/main.go +++ b/cmd/proxy/main.go @@ -12,7 +12,7 @@ import ( "github.com/wso2/open-mcp-auth-proxy/internal/authz" "github.com/wso2/open-mcp-auth-proxy/internal/config" "github.com/wso2/open-mcp-auth-proxy/internal/constants" - "github.com/wso2/open-mcp-auth-proxy/internal/logging" + logger "github.com/wso2/open-mcp-auth-proxy/internal/logging" "github.com/wso2/open-mcp-auth-proxy/internal/proxy" "github.com/wso2/open-mcp-auth-proxy/internal/subprocess" "github.com/wso2/open-mcp-auth-proxy/internal/util" @@ -58,7 +58,7 @@ func main() { logger.Warn("%v", err) logger.Warn("Subprocess may fail to start due to missing dependencies") } - + procManager = subprocess.NewManager() if err := procManager.Start(cfg); err != nil { logger.Warn("Failed to start subprocess: %v", err) @@ -95,7 +95,7 @@ func main() { // 5. Build the main router mux := proxy.NewRouter(cfg, provider) - listen_address := fmt.Sprintf(":%d", cfg.ListenPort) + listen_address := fmt.Sprintf("0.0.0.0:%d", cfg.ListenPort) // 6. Start the server srv := &http.Server{ diff --git a/config.yaml b/config.yaml index 5621195..af627c9 100644 --- a/config.yaml +++ b/config.yaml @@ -6,13 +6,8 @@ base_url: "http://localhost:8000" # Base URL for the MCP server port: 8000 # Port for the MCP server timeout_seconds: 10 -# Path configuration -paths: - sse: "/sse" # SSE endpoint path - messages: "/messages/" # Messages endpoint path - # Transport mode configuration -transport_mode: "sse" # Options: "sse" or "stdio" +transport_mode: "stdio" # Options: "sse" or "stdio" # stdio-specific configuration (used only when transport_mode is "stdio") stdio: @@ -22,13 +17,10 @@ stdio: # env: # Environment variables (optional) # - "NODE_ENV=development" -# Path mapping (optional) -path_mapping: - -# CORS configuration +# CORS settings cors: allowed_origins: - - "http://localhost:5173" + - "http://localhost:6274" # Origin of your frontend/client app allowed_methods: - "GET" - "POST" @@ -40,8 +32,32 @@ cors: - "mcp-protocol-version" allow_credentials: true -# Demo configuration for Asgardeo -demo: - org_name: "openmcpauthdemo" - client_id: "N0U9e_NNGr9mP_0fPnPfPI0a6twa" - client_secret: "qFHfiBp5gNGAO9zV4YPnDofBzzfInatfUbHyPZvM0jka" +# Keycloak endpoint path mappings +path_mapping: + sse: "/sse" # SSE endpoint path + messages: "/messages/" # Messages endpoint path + /token: /realms/master/protocol/openid-connect/token + /register: /realms/master/clients-registrations/openid-connect + +# Keycloak configuration block +default: + base_url: "https://iam.phoenix-systems.ch" + jwks_url: "https://iam.phoenix-systems.ch/realms/kvant/protocol/openid-connect/certs" + path: + /.well-known/oauth-authorization-server: + response: + issuer: "https://iam.phoenix-systems.ch/realms/kvant" + jwks_uri: "https://iam.phoenix-systems.ch/realms/kvant/protocol/openid-connect/certs" + authorization_endpoint: "https://iam.phoenix-systems.ch/realms/kvant/protocol/openid-connect/auth" + response_types_supported: + - "code" + grant_types_supported: + - "authorization_code" + - "refresh_token" + code_challenge_methods_supported: + - "S256" + - "plain" + /token: + addBodyParams: + - name: "audience" + value: "mcp_proxy" \ No newline at end of file From c3e2abd2bce076d4257d401859b656e6b8f81870 Mon Sep 17 00:00:00 2001 From: Angel Nunez Mencias Date: Mon, 2 Jun 2025 03:41:06 +0200 Subject: [PATCH 09/10] change cmd --- Dockerfile | 1 - config.yaml | 4 +++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2f0b940..3dc86da 100644 --- a/Dockerfile +++ b/Dockerfile @@ -38,7 +38,6 @@ WORKDIR /app COPY --from=build /workspace/openmcpauthproxy /app/ ADD config.yaml /app -RUN find . ENTRYPOINT ["/app/openmcpauthproxy"] diff --git a/config.yaml b/config.yaml index af627c9..ef70fbb 100644 --- a/config.yaml +++ b/config.yaml @@ -6,13 +6,15 @@ base_url: "http://localhost:8000" # Base URL for the MCP server port: 8000 # Port for the MCP server timeout_seconds: 10 + # Transport mode configuration transport_mode: "stdio" # Options: "sse" or "stdio" # stdio-specific configuration (used only when transport_mode is "stdio") stdio: enabled: true - user_command: "npx -y @modelcontextprotocol/server-github" + user_command: uvx mcp-server-time --local-timezone=Europe/Zurich + #user_command: "npx -y @modelcontextprotocol/server-github" work_dir: "" # Working directory (optional) # env: # Environment variables (optional) # - "NODE_ENV=development" From 8e80e2956c273df612ae6114484c6321c2d513be Mon Sep 17 00:00:00 2001 From: Angel Nunez Mencias Date: Mon, 2 Jun 2025 03:55:14 +0200 Subject: [PATCH 10/10] add uvx --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index 3dc86da..dc468b1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -34,6 +34,8 @@ RUN apt-get update \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* +RUN pip install uvenv --break-system-packages + WORKDIR /app COPY --from=build /workspace/openmcpauthproxy /app/