feat(auth): support opaque token validation for generic authService#2944
Merged
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request introduces support for opaque token validation via an introspection endpoint in the AuthService. The implementation includes a new validateOpaqueToken method and corresponding unit tests. I have kept the security-related feedback regarding the HTTP client configuration to prevent potential SSRF vulnerabilities and the suggestion to use url.JoinPath for robust URL construction.
averikitsch
reviewed
Apr 6, 2026
averikitsch
reviewed
Apr 6, 2026
averikitsch
reviewed
Apr 6, 2026
averikitsch
reviewed
Apr 6, 2026
averikitsch
reviewed
Apr 6, 2026
averikitsch
requested changes
Apr 6, 2026
duwenxin99
added
the
release candidate
averikitsch
approved these changes
Apr 9, 2026
Contributor
|
🧨 Preview deployments removed. Cloudflare Pages environments for |
github-actions Bot
pushed a commit
that referenced
this pull request
Apr 9, 2026
…hService (#2944) Add opaque token support to MCP auth to generic authService - Add opaque token validator - Add unit and integration tests - Improve doc to outline the two different usages of generic authService ref: [OAuth Token Introspection](https://datatracker.ietf.org/doc/html/rfc7662#section-2.2) fix: #2872 c924701
github-actions Bot
pushed a commit
to renovate-bot/googleapis-_-genai-toolbox
that referenced
this pull request
Apr 9, 2026
…hService (googleapis#2944) Add opaque token support to MCP auth to generic authService - Add opaque token validator - Add unit and integration tests - Improve doc to outline the two different usages of generic authService ref: [OAuth Token Introspection](https://datatracker.ietf.org/doc/html/rfc7662#section-2.2) fix: googleapis#2872 c924701
Yuan325
added a commit
that referenced
this pull request
Apr 10, 2026
🤖 I have created a release *beep* *boop* --- ## [1.0.0](v0.32.0...v1.0.0) (2026-04-10) > [!IMPORTANT] > This is the first stable release. Please review the [UPGRADING.md](UPGRADING.md) guide for instructions on migrating from previous beta versions. ### ⚠ BREAKING CHANGES * **tools/elasticsearch:** add vector search support and remove query passing through param ([#2891](#2891)) * **tools/looker:** refactor looker-git-branch tool into 5 separate tools ([#2976](#2976)) ### Features * **auth:** Support opaque token validation for `generic` authService ([#2944](#2944)) ([c924701](c924701)) * **cloudsqlpg:** Run `SELECT 1` after successful connection attempt ([#2997](#2997)) ([6ed9700](6ed9700)) * **tools/bigquerysql:** Add semantic search support ([#2890](#2890)) ([862c396](862c396)) * **tools/elasticsearch-execute-esql:** Add Tool to execute arbitrary ES/QL queries ([#3013](#3013)) ([ae49fb7](ae49fb7)) * **tools/elasticsearch:** Add vector search support and remove query passing through param ([#2891](#2891)) ([d44e879](d44e879)) * **tools/looker:** Refactor looker-git-branch tool into 5 separate tools ([#2976](#2976)) ([b2472d4](b2472d4)) * **tools/mysql:** Add list-table-stats-tool to list table statistics in MySQL and Cloud SQL MySQL source. ([#2938](#2938)) ([dc2c2b4](dc2c2b4)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
github-actions Bot
pushed a commit
that referenced
this pull request
Apr 10, 2026
🤖 I have created a release *beep* *boop* --- ## [1.0.0](v0.32.0...v1.0.0) (2026-04-10) > [!IMPORTANT] > This is the first stable release. Please review the [UPGRADING.md](UPGRADING.md) guide for instructions on migrating from previous beta versions. ### ⚠ BREAKING CHANGES * **tools/elasticsearch:** add vector search support and remove query passing through param ([#2891](#2891)) * **tools/looker:** refactor looker-git-branch tool into 5 separate tools ([#2976](#2976)) ### Features * **auth:** Support opaque token validation for `generic` authService ([#2944](#2944)) ([c924701](c924701)) * **cloudsqlpg:** Run `SELECT 1` after successful connection attempt ([#2997](#2997)) ([6ed9700](6ed9700)) * **tools/bigquerysql:** Add semantic search support ([#2890](#2890)) ([862c396](862c396)) * **tools/elasticsearch-execute-esql:** Add Tool to execute arbitrary ES/QL queries ([#3013](#3013)) ([ae49fb7](ae49fb7)) * **tools/elasticsearch:** Add vector search support and remove query passing through param ([#2891](#2891)) ([d44e879](d44e879)) * **tools/looker:** Refactor looker-git-branch tool into 5 separate tools ([#2976](#2976)) ([b2472d4](b2472d4)) * **tools/mysql:** Add list-table-stats-tool to list table statistics in MySQL and Cloud SQL MySQL source. ([#2938](#2938)) ([dc2c2b4](dc2c2b4)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com> 8b07b2d
github-actions Bot
pushed a commit
to renovate-bot/googleapis-_-genai-toolbox
that referenced
this pull request
Apr 10, 2026
🤖 I have created a release *beep* *boop* --- ## [1.0.0](googleapis/mcp-toolbox@v0.32.0...v1.0.0) (2026-04-10) > [!IMPORTANT] > This is the first stable release. Please review the [UPGRADING.md](UPGRADING.md) guide for instructions on migrating from previous beta versions. ### ⚠ BREAKING CHANGES * **tools/elasticsearch:** add vector search support and remove query passing through param ([googleapis#2891](googleapis#2891)) * **tools/looker:** refactor looker-git-branch tool into 5 separate tools ([googleapis#2976](googleapis#2976)) ### Features * **auth:** Support opaque token validation for `generic` authService ([googleapis#2944](googleapis#2944)) ([c924701](googleapis@c924701)) * **cloudsqlpg:** Run `SELECT 1` after successful connection attempt ([googleapis#2997](googleapis#2997)) ([6ed9700](googleapis@6ed9700)) * **tools/bigquerysql:** Add semantic search support ([googleapis#2890](googleapis#2890)) ([862c396](googleapis@862c396)) * **tools/elasticsearch-execute-esql:** Add Tool to execute arbitrary ES/QL queries ([googleapis#3013](googleapis#3013)) ([ae49fb7](googleapis@ae49fb7)) * **tools/elasticsearch:** Add vector search support and remove query passing through param ([googleapis#2891](googleapis#2891)) ([d44e879](googleapis@d44e879)) * **tools/looker:** Refactor looker-git-branch tool into 5 separate tools ([googleapis#2976](googleapis#2976)) ([b2472d4](googleapis@b2472d4)) * **tools/mysql:** Add list-table-stats-tool to list table statistics in MySQL and Cloud SQL MySQL source. ([googleapis#2938](googleapis#2938)) ([dc2c2b4](googleapis@dc2c2b4)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com> 8b07b2d
github-actions Bot
pushed a commit
to pepe57/genai-toolbox
that referenced
this pull request
Apr 10, 2026
🤖 I have created a release *beep* *boop* --- ## [1.0.0](googleapis/mcp-toolbox@v0.32.0...v1.0.0) (2026-04-10) > [!IMPORTANT] > This is the first stable release. Please review the [UPGRADING.md](UPGRADING.md) guide for instructions on migrating from previous beta versions. ### ⚠ BREAKING CHANGES * **tools/elasticsearch:** add vector search support and remove query passing through param ([googleapis#2891](googleapis#2891)) * **tools/looker:** refactor looker-git-branch tool into 5 separate tools ([googleapis#2976](googleapis#2976)) ### Features * **auth:** Support opaque token validation for `generic` authService ([googleapis#2944](googleapis#2944)) ([c924701](googleapis@c924701)) * **cloudsqlpg:** Run `SELECT 1` after successful connection attempt ([googleapis#2997](googleapis#2997)) ([6ed9700](googleapis@6ed9700)) * **tools/bigquerysql:** Add semantic search support ([googleapis#2890](googleapis#2890)) ([862c396](googleapis@862c396)) * **tools/elasticsearch-execute-esql:** Add Tool to execute arbitrary ES/QL queries ([googleapis#3013](googleapis#3013)) ([ae49fb7](googleapis@ae49fb7)) * **tools/elasticsearch:** Add vector search support and remove query passing through param ([googleapis#2891](googleapis#2891)) ([d44e879](googleapis@d44e879)) * **tools/looker:** Refactor looker-git-branch tool into 5 separate tools ([googleapis#2976](googleapis#2976)) ([b2472d4](googleapis@b2472d4)) * **tools/mysql:** Add list-table-stats-tool to list table statistics in MySQL and Cloud SQL MySQL source. ([googleapis#2938](googleapis#2938)) ([dc2c2b4](googleapis@dc2c2b4)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com> 8b07b2d
github-actions Bot
pushed a commit
to anikasharma03/genai-toolbox
that referenced
this pull request
Apr 10, 2026
🤖 I have created a release *beep* *boop* --- ## [1.0.0](googleapis/mcp-toolbox@v0.32.0...v1.0.0) (2026-04-10) > [!IMPORTANT] > This is the first stable release. Please review the [UPGRADING.md](UPGRADING.md) guide for instructions on migrating from previous beta versions. ### ⚠ BREAKING CHANGES * **tools/elasticsearch:** add vector search support and remove query passing through param ([googleapis#2891](googleapis#2891)) * **tools/looker:** refactor looker-git-branch tool into 5 separate tools ([googleapis#2976](googleapis#2976)) ### Features * **auth:** Support opaque token validation for `generic` authService ([googleapis#2944](googleapis#2944)) ([c924701](googleapis@c924701)) * **cloudsqlpg:** Run `SELECT 1` after successful connection attempt ([googleapis#2997](googleapis#2997)) ([6ed9700](googleapis@6ed9700)) * **tools/bigquerysql:** Add semantic search support ([googleapis#2890](googleapis#2890)) ([862c396](googleapis@862c396)) * **tools/elasticsearch-execute-esql:** Add Tool to execute arbitrary ES/QL queries ([googleapis#3013](googleapis#3013)) ([ae49fb7](googleapis@ae49fb7)) * **tools/elasticsearch:** Add vector search support and remove query passing through param ([googleapis#2891](googleapis#2891)) ([d44e879](googleapis@d44e879)) * **tools/looker:** Refactor looker-git-branch tool into 5 separate tools ([googleapis#2976](googleapis#2976)) ([b2472d4](googleapis@b2472d4)) * **tools/mysql:** Add list-table-stats-tool to list table statistics in MySQL and Cloud SQL MySQL source. ([googleapis#2938](googleapis#2938)) ([dc2c2b4](googleapis@dc2c2b4)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com> 8b07b2d
github-actions Bot
pushed a commit
to pavankrishna13/genai-toolbox
that referenced
this pull request
Apr 10, 2026
🤖 I have created a release *beep* *boop* --- ## [1.0.0](googleapis/mcp-toolbox@v0.32.0...v1.0.0) (2026-04-10) > [!IMPORTANT] > This is the first stable release. Please review the [UPGRADING.md](UPGRADING.md) guide for instructions on migrating from previous beta versions. ### ⚠ BREAKING CHANGES * **tools/elasticsearch:** add vector search support and remove query passing through param ([googleapis#2891](googleapis#2891)) * **tools/looker:** refactor looker-git-branch tool into 5 separate tools ([googleapis#2976](googleapis#2976)) ### Features * **auth:** Support opaque token validation for `generic` authService ([googleapis#2944](googleapis#2944)) ([c924701](googleapis@c924701)) * **cloudsqlpg:** Run `SELECT 1` after successful connection attempt ([googleapis#2997](googleapis#2997)) ([6ed9700](googleapis@6ed9700)) * **tools/bigquerysql:** Add semantic search support ([googleapis#2890](googleapis#2890)) ([862c396](googleapis@862c396)) * **tools/elasticsearch-execute-esql:** Add Tool to execute arbitrary ES/QL queries ([googleapis#3013](googleapis#3013)) ([ae49fb7](googleapis@ae49fb7)) * **tools/elasticsearch:** Add vector search support and remove query passing through param ([googleapis#2891](googleapis#2891)) ([d44e879](googleapis@d44e879)) * **tools/looker:** Refactor looker-git-branch tool into 5 separate tools ([googleapis#2976](googleapis#2976)) ([b2472d4](googleapis@b2472d4)) * **tools/mysql:** Add list-table-stats-tool to list table statistics in MySQL and Cloud SQL MySQL source. ([googleapis#2938](googleapis#2938)) ([dc2c2b4](googleapis@dc2c2b4)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com> 8b07b2d
github-actions Bot
pushed a commit
to Jaleel-zhu/genai-toolbox
that referenced
this pull request
Apr 10, 2026
🤖 I have created a release *beep* *boop* --- ## [1.0.0](googleapis/mcp-toolbox@v0.32.0...v1.0.0) (2026-04-10) > [!IMPORTANT] > This is the first stable release. Please review the [UPGRADING.md](UPGRADING.md) guide for instructions on migrating from previous beta versions. ### ⚠ BREAKING CHANGES * **tools/elasticsearch:** add vector search support and remove query passing through param ([googleapis#2891](googleapis#2891)) * **tools/looker:** refactor looker-git-branch tool into 5 separate tools ([googleapis#2976](googleapis#2976)) ### Features * **auth:** Support opaque token validation for `generic` authService ([googleapis#2944](googleapis#2944)) ([c924701](googleapis@c924701)) * **cloudsqlpg:** Run `SELECT 1` after successful connection attempt ([googleapis#2997](googleapis#2997)) ([6ed9700](googleapis@6ed9700)) * **tools/bigquerysql:** Add semantic search support ([googleapis#2890](googleapis#2890)) ([862c396](googleapis@862c396)) * **tools/elasticsearch-execute-esql:** Add Tool to execute arbitrary ES/QL queries ([googleapis#3013](googleapis#3013)) ([ae49fb7](googleapis@ae49fb7)) * **tools/elasticsearch:** Add vector search support and remove query passing through param ([googleapis#2891](googleapis#2891)) ([d44e879](googleapis@d44e879)) * **tools/looker:** Refactor looker-git-branch tool into 5 separate tools ([googleapis#2976](googleapis#2976)) ([b2472d4](googleapis@b2472d4)) * **tools/mysql:** Add list-table-stats-tool to list table statistics in MySQL and Cloud SQL MySQL source. ([googleapis#2938](googleapis#2938)) ([dc2c2b4](googleapis@dc2c2b4)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com> 8b07b2d
hiracky16
pushed a commit
to hiracky16/mcp-toolbox
that referenced
this pull request
Apr 14, 2026
🤖 I have created a release *beep* *boop* --- ## [1.0.0](googleapis/mcp-toolbox@v0.32.0...v1.0.0) (2026-04-10) > [!IMPORTANT] > This is the first stable release. Please review the [UPGRADING.md](UPGRADING.md) guide for instructions on migrating from previous beta versions. ### ⚠ BREAKING CHANGES * **tools/elasticsearch:** add vector search support and remove query passing through param ([googleapis#2891](googleapis#2891)) * **tools/looker:** refactor looker-git-branch tool into 5 separate tools ([googleapis#2976](googleapis#2976)) ### Features * **auth:** Support opaque token validation for `generic` authService ([googleapis#2944](googleapis#2944)) ([c924701](googleapis@c924701)) * **cloudsqlpg:** Run `SELECT 1` after successful connection attempt ([googleapis#2997](googleapis#2997)) ([6ed9700](googleapis@6ed9700)) * **tools/bigquerysql:** Add semantic search support ([googleapis#2890](googleapis#2890)) ([862c396](googleapis@862c396)) * **tools/elasticsearch-execute-esql:** Add Tool to execute arbitrary ES/QL queries ([googleapis#3013](googleapis#3013)) ([ae49fb7](googleapis@ae49fb7)) * **tools/elasticsearch:** Add vector search support and remove query passing through param ([googleapis#2891](googleapis#2891)) ([d44e879](googleapis@d44e879)) * **tools/looker:** Refactor looker-git-branch tool into 5 separate tools ([googleapis#2976](googleapis#2976)) ([b2472d4](googleapis@b2472d4)) * **tools/mysql:** Add list-table-stats-tool to list table statistics in MySQL and Cloud SQL MySQL source. ([googleapis#2938](googleapis#2938)) ([dc2c2b4](googleapis@dc2c2b4)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add opaque token support to MCP auth to generic authService
ref: OAuth Token Introspection
fix: #2872