
Commit bb6c804

authored
feat: implement OAuth 2.0 Client Credentials flow (#707)
* feat: implement OAuth 2.0 Client Credentials flow * fix: address SEP-1046 review findings * fix: validate HTTPS on JWT token endpoint
1 parent 60a5518 commit bb6c804


6 files changed

+1022
-1
lines changed


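--- a/crates/rmcp/Cargo.toml
+++ b/crates/rmcp/Cargo.toml
@@ -27,6 +27,8 @@ pin-project-lite = "0.2"
 pastey = { version = "0.2.0", optional = true }
 # oauth2 support
 oauth2 = { version = "5.0", optional = true, default-features = false }
+# JWT signing for client credentials (private_key_jwt)
+jsonwebtoken = { version = "9", optional = true }
 
 # for auto generate schema
 schemars = { version = "1.0", optional = true, features = ["chrono04"] }
@@ -130,12 +132,14 @@ transport-streamable-http-server-session = [
 # transport-ws = ["transport-io", "dep:tokio-tungstenite"]
 tower = ["dep:tower-service"]
 auth = ["dep:oauth2", "__reqwest", "dep:url"]
+auth-client-credentials-jwt = ["auth", "dep:jsonwebtoken", "uuid"]
 schemars = ["dep:schemars"]
 
 [dev-dependencies]
 tokio = { version = "1", features = ["full"] }
 schemars = { version = "1.1.0", features = ["chrono04"] }
 axum = { version = "0.8", default-features = false, features = ["http1", "tokio"] }
+url = "2.4"
 anyhow = "1.0"
 tracing-subscriber = { version = "0.3", features = [
 "env-filter",
@@ -251,3 +255,8 @@ path = "tests/test_custom_headers.rs"
 name = "test_sse_concurrent_streams"
 required-features = ["server", "client", "transport-streamable-http-server", "transport-streamable-http-client", "reqwest"]
 path = "tests/test_sse_concurrent_streams.rs"
+
+[[test]]
+name = "test_client_credentials"
+required-features = ["auth"]
+path = "tests/test_client_credentials.rs"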
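Review bot: The new `test_client_credentials` target declares only `required-features = ["auth"]`, so any private_key_jwt cases in that file would have to be gated on `auth-client-credentials-jwt` and would be silently skipped unless CI also enables that feature. The test file is outside the visible sections, so this is inferred from the manifest alone. Since the JWT path is the one that pulls in `jsonwebtoken` and signs client assertions, consider a comment above the target such as `# JWT cases additionally need --features auth-client-credentials-jwt`, or a second `[[test]]` entry that requires both features so the signing and HTTPS-endpoint checks are always exercised.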

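--- a/crates/rmcp/src/transport.rs
+++ b/crates/rmcp/src/transport.rs
@@ -93,10 +93,13 @@ pub use io::stdio;
 
 #[cfg(feature = "auth")]
 pub mod auth;
+#[cfg(feature = "auth-client-credentials-jwt")]
+pub use auth::JwtSigningAlgorithm;
 #[cfg(feature = "auth")]
 pub use auth::{
 AuthClient, AuthError, AuthorizationManager, AuthorizationSession, AuthorizedHttpClient,
-CredentialStore, InMemoryCredentialStore, InMemoryStateStore, ScopeUpgradeConfig, StateStore,
+ClientCredentialsConfig, CredentialStore, EXTENSION_OAUTH_CLIENT_CREDENTIALS,
+InMemoryCredentialStore, InMemoryStateStore, ScopeUpgradeConfig, StateStore,
 StoredAuthorizationState, StoredCredentials, WWWAuthenticateParams,
 };
 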
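Review bot: The separately gated re-export `pub use auth::JwtSigningAlgorithm;` has no comment explaining why it sits outside the `auth` block, so a reader has to open Cargo.toml to learn that `auth-client-credentials-jwt` implies `auth`. A one-line comment above the cfg, such as `// private_key_jwt signing types; this feature implies "auth"`, would cover it. `ClientCredentialsConfig` also becomes public API here, and its definition is outside the visible sections. If it carries a client secret or signing key, it is worth confirming that its `Debug` output redacts them before it ships as a re-export.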
