49b9bb6724
Deploy Docs / deploy-docs (push) Failing after 1s
Conformance Tests / client-conformance (push) Failing after 3s
Conformance Tests / server-conformance (push) Failing after 1s
GitHub Actions Security Analysis / zizmor (push) Failing after 1s
CI / checks (push) Failing after 59m20s
CI / all-green (push) Waiting to run
70 lines
3.0 KiB
Python
70 lines
3.0 KiB
Python
"""HTTP-only SEP-990: `build_auth` presents an IdP-issued ID-JAG (jwt-bearer grant); `whoami` proves the subject."""
|
|
|
|
import httpx
|
|
|
|
from mcp.client import Client
|
|
from mcp.client.auth.extensions.identity_assertion import IdentityAssertionOAuthProvider
|
|
from stories._harness import Target, run_client
|
|
from stories._shared.auth import MCP_URL, InMemoryTokenStorage
|
|
|
|
from .idp import issue_id_jag
|
|
from .server import DEMO_CLIENT_ID, DEMO_CLIENT_SECRET, DEMO_SCOPE, ISSUER
|
|
|
|
# The end user the stand-in IdP says is signed in.
|
|
DEMO_SUBJECT = "alice@example.com"
|
|
|
|
|
|
async def fetch_id_jag(audience: str, resource: str) -> str:
|
|
"""Step one, the part the SDK does not do: obtain a fresh ID-JAG from the enterprise IdP.
|
|
|
|
A real implementation makes an RFC 8693 token-exchange request to the IdP, presenting the
|
|
signed-in user's ID token; `audience` (the authorization server's issuer) and `resource` (the
|
|
MCP server's identifier) pass straight through into the ID-JAG's `aud` and `resource` claims.
|
|
Here the stand-in IdP signs one in-process instead.
|
|
"""
|
|
return issue_id_jag(
|
|
subject=DEMO_SUBJECT, client_id=DEMO_CLIENT_ID, audience=audience, resource=resource, scope=DEMO_SCOPE
|
|
)
|
|
|
|
|
|
def build_auth(_http: httpx.AsyncClient) -> httpx.Auth:
|
|
"""An `IdentityAssertionOAuthProvider` for the pre-registered confidential client.
|
|
|
|
`issuer` is configuration, not discovery: the provider fetches metadata from this issuer's
|
|
well-known and never asks the MCP server which authorization server to use. The string must
|
|
equal the `issuer` its metadata serves byte for byte (note the trailing slash).
|
|
`Client(url, auth=...)` doesn't exist yet, so the harness threads this onto the underlying
|
|
`httpx.AsyncClient` and hands `main` a target that is already routed through it.
|
|
"""
|
|
return IdentityAssertionOAuthProvider(
|
|
server_url=MCP_URL,
|
|
storage=InMemoryTokenStorage(),
|
|
client_id=DEMO_CLIENT_ID,
|
|
client_secret=DEMO_CLIENT_SECRET,
|
|
issuer=ISSUER,
|
|
assertion_provider=fetch_id_jag,
|
|
scope=DEMO_SCOPE,
|
|
)
|
|
|
|
|
|
async def main(target: Target, *, mode: str = "auto") -> None:
|
|
# The target is already routed through `build_auth`'s provider. The first request 401s; the
|
|
# provider fetches the authorization server's metadata from the configured issuer (never from
|
|
# the MCP server), mints a fresh ID-JAG through `fetch_id_jag`, exchanges it at `/token` under
|
|
# the jwt-bearer grant, and retries with the bearer. No `/authorize`, no `/register`, no browser.
|
|
async with Client(target, mode=mode) as client:
|
|
listed = await client.list_tools()
|
|
assert [t.name for t in listed.tools] == ["whoami"]
|
|
|
|
result = await client.call_tool("whoami", {})
|
|
assert not result.is_error, result
|
|
assert result.structured_content == {
|
|
"subject": DEMO_SUBJECT,
|
|
"client_id": DEMO_CLIENT_ID,
|
|
"scopes": [DEMO_SCOPE],
|
|
}, result.structured_content
|
|
|
|
|
|
if __name__ == "__main__":
|
|
run_client(main)
|