Add disableUpstreamTokenInjection to embedded auth server config

aron-muon · claude · aron-muon · commit 4ba2dcfd8a87 · 2026-03-16T12:51:14.000Z
The embedded auth server always injected upstream IdP tokens into
requests forwarded to backend MCP servers. This made it impossible
to use the embedded auth server for client-facing OAuth flows when
the upstream MCP server is public and doesn't require authentication
— the injected token caused 401 rejections from the upstream.

Add a `disableUpstreamTokenInjection` field to EmbeddedAuthServerConfig
that skips the upstream swap middleware while keeping the embedded auth
server running for client authentication.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/cmd/thv-operator/api/v1alpha1/mcpexternalauthconfig_types.go b/cmd/thv-operator/api/v1alpha1/mcpexternalauthconfig_types.go
@@ -192,6 +192,16 @@ type EmbeddedAuthServerConfig struct {
 	// +optional
 	Storage *AuthServerStorageConfig `json:"storage,omitempty"`
 
+	// DisableUpstreamTokenInjection prevents the embedded auth server from injecting
+	// upstream IdP tokens into requests forwarded to the backend MCP server.
+	// When true, the embedded auth server still handles OAuth flows for clients
+	// but does not swap ToolHive JWTs for upstream tokens on outgoing requests.
+	// This is useful when the backend MCP server does not require authentication
+	// (e.g., public documentation servers) but you still want client authentication.
+	// +kubebuilder:default=false
+	// +optional
+	DisableUpstreamTokenInjection bool `json:"disableUpstreamTokenInjection,omitempty"`
+
 	// AllowedAudiences is the list of valid resource URIs that tokens can be issued for.
 	// For an embedded auth server, this can be determined by the servers (MCP or vMCP) it serves.
 
diff --git a/cmd/thv-operator/pkg/controllerutil/authserver.go b/cmd/thv-operator/pkg/controllerutil/authserver.go
@@ -444,6 +444,9 @@ func buildEmbeddedAuthServerRunnerConfig(
 	}
 	config.Storage = storageCfg
 
+	// Wire through upstream token injection flag
+	config.DisableUpstreamTokenInjection = authConfig.DisableUpstreamTokenInjection
+
 	return config, nil
 }
 
diff --git a/cmd/thv-operator/pkg/controllerutil/authserver_test.go b/cmd/thv-operator/pkg/controllerutil/authserver_test.go
@@ -875,6 +875,43 @@ func TestBuildEmbeddedAuthServerRunnerConfig(t *testing.T) {
 				assert.Equal(t, []string{"openid", "profile", "email", "custom:scope"}, config.ScopesSupported)
 			},
 		},
+		{
+			name: "DisableUpstreamTokenInjection is wired through",
+			authConfig: &mcpv1alpha1.EmbeddedAuthServerConfig{
+				Issuer: "https://auth.example.com",
+				SigningKeySecretRefs: []mcpv1alpha1.SecretKeyRef{
+					{Name: "signing-key", Key: "private.pem"},
+				},
+				HMACSecretRefs: []mcpv1alpha1.SecretKeyRef{
+					{Name: "hmac-secret", Key: "hmac"},
+				},
+				DisableUpstreamTokenInjection: true,
+			},
+			oidcConfig: defaultOIDCConfig,
+			checkFunc: func(t *testing.T, config *authserver.RunConfig) {
+				t.Helper()
+				assert.True(t, config.DisableUpstreamTokenInjection,
+					"DisableUpstreamTokenInjection should be wired from CRD to RunConfig")
+			},
+		},
+		{
+			name: "DisableUpstreamTokenInjection defaults to false",
+			authConfig: &mcpv1alpha1.EmbeddedAuthServerConfig{
+				Issuer: "https://auth.example.com",
+				SigningKeySecretRefs: []mcpv1alpha1.SecretKeyRef{
+					{Name: "signing-key", Key: "private.pem"},
+				},
+				HMACSecretRefs: []mcpv1alpha1.SecretKeyRef{
+					{Name: "hmac-secret", Key: "hmac"},
+				},
+			},
+			oidcConfig: defaultOIDCConfig,
+			checkFunc: func(t *testing.T, config *authserver.RunConfig) {
+				t.Helper()
+				assert.False(t, config.DisableUpstreamTokenInjection,
+					"DisableUpstreamTokenInjection should default to false")
+			},
+		},
 	}
 
 	for _, tt := range tests {
diff --git a/deploy/charts/operator-crds/files/crds/toolhive.stacklok.dev_mcpexternalauthconfigs.yaml b/deploy/charts/operator-crds/files/crds/toolhive.stacklok.dev_mcpexternalauthconfigs.yaml
@@ -181,6 +181,16 @@ spec:
                   EmbeddedAuthServer configures an embedded OAuth2/OIDC authorization server
                   Only used when Type is "embeddedAuthServer"
                 properties:
+                  disableUpstreamTokenInjection:
+                    default: false
+                    description: |-
+                      DisableUpstreamTokenInjection prevents the embedded auth server from injecting
+                      upstream IdP tokens into requests forwarded to the backend MCP server.
+                      When true, the embedded auth server still handles OAuth flows for clients
+                      but does not swap ToolHive JWTs for upstream tokens on outgoing requests.
+                      This is useful when the backend MCP server does not require authentication
+                      (e.g., public documentation servers) but you still want client authentication.
+                    type: boolean
                   hmacSecretRefs:
                     description: |-
                       HMACSecretRefs references Kubernetes Secrets containing symmetric secrets for signing
diff --git a/deploy/charts/operator-crds/templates/toolhive.stacklok.dev_mcpexternalauthconfigs.yaml b/deploy/charts/operator-crds/templates/toolhive.stacklok.dev_mcpexternalauthconfigs.yaml
@@ -184,6 +184,16 @@ spec:
                   EmbeddedAuthServer configures an embedded OAuth2/OIDC authorization server
                   Only used when Type is "embeddedAuthServer"
                 properties:
+                  disableUpstreamTokenInjection:
+                    default: false
+                    description: |-
+                      DisableUpstreamTokenInjection prevents the embedded auth server from injecting
+                      upstream IdP tokens into requests forwarded to the backend MCP server.
+                      When true, the embedded auth server still handles OAuth flows for clients
+                      but does not swap ToolHive JWTs for upstream tokens on outgoing requests.
+                      This is useful when the backend MCP server does not require authentication
+                      (e.g., public documentation servers) but you still want client authentication.
+                    type: boolean
                   hmacSecretRefs:
                     description: |-
                       HMACSecretRefs references Kubernetes Secrets containing symmetric secrets for signing
diff --git a/docs/operator/crd-api.md b/docs/operator/crd-api.md
diff --git a/pkg/authserver/config.go b/pkg/authserver/config.go
@@ -71,6 +71,11 @@ type RunConfig struct {
 	// Storage configures the storage backend for the auth server.
 	// If nil, defaults to in-memory storage.
 	Storage *storage.RunConfig `json:"storage,omitempty" yaml:"storage,omitempty"`
+
+	// DisableUpstreamTokenInjection prevents the upstream swap middleware from being added.
+	// When true, the embedded auth server handles OAuth flows for clients but does not
+	// inject upstream IdP tokens into requests forwarded to the backend MCP server.
+	DisableUpstreamTokenInjection bool `json:"disable_upstream_token_injection,omitempty" yaml:"disable_upstream_token_injection,omitempty"`
 }
 
 // SigningKeyRunConfig configures where to load signing keys from.
diff --git a/pkg/runner/middleware.go b/pkg/runner/middleware.go
@@ -251,8 +251,9 @@ func addUsageMetricsMiddleware(middlewares []types.MiddlewareConfig, configDisab
 
 // addUpstreamSwapMiddleware adds upstream swap middleware if the embedded auth server is configured.
 // This middleware exchanges ToolHive JWTs for upstream IdP tokens.
-// The middleware is only added when EmbeddedAuthServerConfig is set; if UpstreamSwapConfig
-// is nil, default configuration values are used.
+// The middleware is only added when EmbeddedAuthServerConfig is set and
+// DisableUpstreamTokenInjection is false. If UpstreamSwapConfig is nil,
+// default configuration values are used.
 func addUpstreamSwapMiddleware(
 	middlewares []types.MiddlewareConfig,
 	config *RunConfig,
@@ -262,6 +263,11 @@ func addUpstreamSwapMiddleware(
 		return middlewares, nil
 	}
 
+	// Skip upstream token injection if explicitly disabled
+	if config.EmbeddedAuthServerConfig.DisableUpstreamTokenInjection {
+		return middlewares, nil
+	}
+
 	// Use provided config or defaults
 	upstreamSwapConfig := config.UpstreamSwapConfig
 	if upstreamSwapConfig == nil {
diff --git a/pkg/runner/middleware_test.go b/pkg/runner/middleware_test.go
@@ -270,6 +270,15 @@ func TestAddUpstreamSwapMiddleware(t *testing.T) {
 			},
 			wantAppended: true,
 		},
+		{
+			name: "EmbeddedAuthServerConfig with DisableUpstreamTokenInjection skips middleware",
+			config: func() *RunConfig {
+				cfg := createMinimalAuthServerConfig()
+				cfg.DisableUpstreamTokenInjection = true
+				return &RunConfig{EmbeddedAuthServerConfig: cfg}
+			}(),
+			wantAppended: false,
+		},
 		{
 			name: "EmbeddedAuthServerConfig set with explicit UpstreamSwapConfig uses provided config",
 			config: &RunConfig{
@@ -347,6 +356,15 @@ func TestPopulateMiddlewareConfigs_UpstreamSwap(t *testing.T) {
 			config:           &RunConfig{EmbeddedAuthServerConfig: nil},
 			wantUpstreamSwap: false,
 		},
+		{
+			name: "DisableUpstreamTokenInjection omits upstream-swap",
+			config: func() *RunConfig {
+				cfg := createMinimalAuthServerConfig()
+				cfg.DisableUpstreamTokenInjection = true
+				return &RunConfig{EmbeddedAuthServerConfig: cfg}
+			}(),
+			wantUpstreamSwap: false,
+		},
 		{
 			name: "explicit UpstreamSwapConfig is used",
 			config: &RunConfig{

Original file line number	Diff line number	Diff line change
`@@ -444,6 +444,9 @@ func buildEmbeddedAuthServerRunnerConfig(`
`444`	`444`	`}`
`445`	`445`	`config.Storage = storageCfg`
`446`	`446`
	`447`	`+ // Wire through upstream token injection flag`
	`448`	`+ config.DisableUpstreamTokenInjection = authConfig.DisableUpstreamTokenInjection`
	`449`	`+`
`447`	`450`	`return config, nil`
`448`	`451`	`}`
`449`	`452`