You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
feat(upstream-auth): inherit auth format from interceptors.auth when upstream_mcp.auth omitted
When upstream_mcp.auth is absent, the gateway now derives the outbound auth
format from interceptors.auth using the same priority-based selection as
outbound OpenAPI calls (sort by priority, first non-oauth/session-cookie entry).
Only bearer/query/custom-header types are inherited.
On HTTP transport the downstream client's session token is always the credential;
the inherited config only controls the format (Bearer header, custom header, or
query param). On stdio, value_from_env from the effective auth (upstream_mcp.auth
or inherited from interceptors.auth) is used as the service-account credential.
The security gate (reject anonymous HTTP sessions when auth is configured) now
triggers on any effective auth — direct or inherited.
This eliminates the need to duplicate auth configuration when the upstream MCP
server accepts the same format as inbound clients (the common case).
Agent authored
Copy file name to clipboardExpand all lines: docs/PROFILE-GUIDE.md
+35-24Lines changed: 35 additions & 24 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -104,52 +104,63 @@ When `enterprise_authorization.mode` is `required`, HTTP initialization accepts
104
104
105
105
-`transport.type` must be `"http-streamable"`
106
106
-`transport.url` must be an absolute `http` or `https` URL without inline credentials
107
-
-`auth.type` may be `bearer`, `query`, or `custom-header`
108
-
-`auth.value_from_env` names the env variable holding the credential — **stdio transport only**. On HTTP transport the downstream client's session Bearer token is always forwarded directly to the upstream; `value_from_env` is never read and may be omitted. Inline secrets are not supported for any auth type.
107
+
-`auth` is **optional**. When omitted, the auth format is inherited from `interceptors.auth` (see below).
108
+
-`auth.type` may be `bearer`, `query`, or `custom-header`. Set explicitly only when the upstream expects a different format than inbound clients use.
109
+
-`auth.value_from_env` names the env variable holding the credential — **stdio transport only**. On HTTP transport the downstream client's session token is always forwarded directly; `value_from_env` is never read.
109
110
-`upstream_mcp_from_env` must point to a single JSON object and takes precedence over static `upstream_mcp`
110
111
-`stdio` upstream definitions are intentionally rejected in this iteration so the later feature-gated implementation can add process lifecycle hardening separately
111
112
112
-
Example:
113
+
#### Auth inheritance from `interceptors.auth`
114
+
115
+
When `upstream_mcp.auth` is omitted, the gateway inherits the auth format from `interceptors.auth` using the same priority-based selection as outbound OpenAPI calls. Only `bearer`, `query`, and `custom-header` types are inherited — `oauth` and `session-cookie` are not forwarded.
116
+
117
+
**Common case — client Bearer token forwarded as Bearer to upstream (zero config):**
For HTTP session-passthrough deployments (client's own token forwarded upstream), omit `value_from_env`:
131
+
The client's `Authorization: Bearer <token>` is extracted from the inbound request and forwarded as-is to the upstream. If the inbound request carries no token, the upstream connection is refused. On stdio, `value_from_env` from `interceptors.auth` is used as the service-account credential.
132
+
133
+
**Override — upstream expects a different format than inbound clients:**
The client's `Authorization: Bearer <token>` sent to the gateway is forwarded as-is to the upstream. If the inbound request carries no token, the upstream connection is refused.
148
+
Clients authenticate with `X-Client-Key`; gateway forwards to upstream as `Authorization: Bearer`.
149
+
150
+
**Explicit `value_from_env` on `upstream_mcp.auth` (stdio only):**
**Profile selection**: If you set `profile_id` (or `profile_aliases`) and `openapi_spec_path`, you can launch the server with `--profile <id>` or `MCP4_PROFILE=<id>` without setting `--openapi-spec-path` or `MCP4_OPENAPI_SPEC_PATH`.
0 commit comments