3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-08-03 00:40:25 +02:00
Code Issues Projects Releases Packages Wiki Activity

mcp: pass access token to the upstream (#5593)

Browse source
This commit is contained in:
Denis Mishin 2025-04-29 12:13:18 -04:00 committed by GitHub
parent b9e3a5d301
commit 5b024a8ada
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
15 changed files with 774 additions and 719 deletions
Download patch file Download diff file Expand all files Collapse all files

8
config/policy.go
View file

@ -211,6 +211,8 @@ type Policy struct {
type MCP struct {
// UpstreamOAuth2 specifies that before the request reaches the MCP upstream server, it should acquire an OAuth2 token
UpstreamOAuth2 *UpstreamOAuth2 `mapstructure:"upstream_oauth2" yaml:"upstream_oauth2,omitempty" json:"upstream_oauth2,omitempty"`
// PassUpstreamAccessToken indicates whether to pass the upstream access token in the `Authorization: Bearer` header that is suitable for calling the MCP routes
PassUpstreamAccessToken bool `mapstructure:"pass_upstream_access_token" yaml:"pass_upstream_access_token,omitempty" json:"pass_upstream_access_token,omitempty"`
}
type UpstreamOAuth2 struct {
@ -859,9 +861,9 @@ func (p *Policy) IsForKubernetes() bool {
return p.KubernetesServiceAccountTokenFile != "" || p.KubernetesServiceAccountToken != ""
}
// IsMCP returns true if the route is for the Model Context Protocol upstream server.
func (p *Policy) IsMCP() bool {
return p != nil && p.MCP != nil
// IsMCPServer returns true if the route is for the Model Context Protocol upstream server.
func (p *Policy) IsMCPServer() bool {
return p != nil && p.MCP != nil && !p.MCP.PassUpstreamAccessToken
}
// IsTCP returns true if the route is for TCP.