0d3cb498a3
CI / Shell Format Check (push) Has been cancelled
CI / Check Ruby (3.4) (push) Has been cancelled
CI / CI Config (push) Has been cancelled
CI / Test on Node ${{ matrix.node }} and ${{ matrix.os }}${{ matrix.shard && format(' (shard {0}/3)', matrix.shard) || '' }} (push) Has been cancelled
CI / Build on Node ${{ matrix.node }} (push) Has been cancelled
CI / Style Check (push) Has been cancelled
CI / Generate Assets (push) Has been cancelled
CI / Check Python (3.14) (push) Has been cancelled
CI / Check Python (3.9) (push) Has been cancelled
CI / Build Docs (push) Has been cancelled
CI / Code Scan Action (push) Has been cancelled
CI / Site tests (push) Has been cancelled
CI / webui tests (push) Has been cancelled
CI / Run Integration Tests (push) Has been cancelled
CI / Run Smoke Tests (push) Has been cancelled
CI / Go Tests (push) Has been cancelled
CI / Share Test (push) Has been cancelled
CI / Redteam (Production API) (push) Has been cancelled
CI / Redteam (Staging API) (push) Has been cancelled
CI / GitHub Actions Lint (push) Has been cancelled
CI / Check Ruby (3.0) (push) Has been cancelled
release-please / release-please (push) Has been cancelled
release-please / build (push) Has been cancelled
release-please / publish-npm (push) Has been cancelled
release-please / publish-npm-backfill (push) Has been cancelled
release-please / docker (push) Has been cancelled
release-please / publish-code-scan-action (push) Has been cancelled
release-please / attest-code-scan-action (push) Has been cancelled
Deploy local.promptfoo.app / Deploy to Cloudflare Pages (push) Has been cancelled
Test and Publish Multi-arch Docker Image / test (push) Has been cancelled
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-amd64 platform:linux/amd64 runner:ubuntu-latest]) (push) Has been cancelled
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-arm64 platform:linux/arm64 runner:ubuntu-24.04-arm]) (push) Has been cancelled
Test and Publish Multi-arch Docker Image / merge-docker-digests (push) Has been cancelled
Test and Publish Multi-arch Docker Image / Attest Multi-arch Image (push) Has been cancelled
Validate Renovate Config / Validate Renovate Configuration (push) Has been cancelled
160 lines
4.3 KiB
Markdown
160 lines
4.3 KiB
Markdown
# redteam-mcp-auth (Red Team MCP Authentication)
|
|
|
|
You can run this example with:
|
|
|
|
```bash
|
|
npx promptfoo@latest init --example redteam-mcp-auth
|
|
cd redteam-mcp-auth
|
|
```
|
|
|
|
This example demonstrates how to configure authentication for red team evaluations against MCP (Model Context Protocol) servers. It shows OAuth 2.0 client credentials flow for authenticating with remote MCP servers.
|
|
|
|
## Overview
|
|
|
|
When running red team evaluations against protected MCP servers, you need to configure authentication. This example shows how to set up OAuth authentication in your MCP target configuration.
|
|
|
|
## Configuration
|
|
|
|
### OAuth Authentication
|
|
|
|
The `promptfooconfig.oauth.yaml` file demonstrates OAuth 2.0 client credentials flow:
|
|
|
|
```yaml
|
|
targets:
|
|
- id: mcp
|
|
label: MCP Example
|
|
config:
|
|
enabled: true
|
|
server:
|
|
url: https://example-app.promptfoo.app/mcp/minnow?auth_type=bearer
|
|
auth:
|
|
type: oauth
|
|
grantType: client_credentials
|
|
clientId: '{{env.PROMPTFOO_TARGET_CLIENT_ID}}'
|
|
clientSecret: '{{env.PROMPTFOO_TARGET_CLIENT_SECRET}}'
|
|
tokenUrl: https://example-app.promptfoo.app/oauth/token
|
|
scopes: []
|
|
```
|
|
|
|
## Environment Variables
|
|
|
|
This example requires the following environment variables:
|
|
|
|
- `PROMPTFOO_TARGET_CLIENT_ID` - Your OAuth client ID
|
|
- `PROMPTFOO_TARGET_CLIENT_SECRET` - Your OAuth client secret
|
|
|
|
NOTE: The values for these environment variables are available upon request.
|
|
|
|
## Running the Example
|
|
|
|
1. **Set up environment variables:**
|
|
|
|
```bash
|
|
export PROMPTFOO_TARGET_CLIENT_ID=your-client-id
|
|
export PROMPTFOO_TARGET_CLIENT_SECRET=your-client-secret
|
|
```
|
|
|
|
2. **Run the red team evaluation:**
|
|
|
|
```bash
|
|
promptfoo redteam run -c promptfooconfig.oauth.yaml
|
|
```
|
|
|
|
3. **View the results:**
|
|
|
|
```bash
|
|
promptfoo view
|
|
```
|
|
|
|
## How It Works
|
|
|
|
### OAuth Flow for MCP
|
|
|
|
When using OAuth authentication with MCP servers:
|
|
|
|
1. If `tokenUrl` is not specified, the provider discovers it using RFC 8414 OAuth metadata
|
|
2. The MCP provider requests an access token from the `tokenUrl` using client credentials
|
|
3. The token is cached and proactively refreshed before it expires (with a 60-second buffer)
|
|
4. The token is added to MCP transport requests as an `Authorization: Bearer <token>` header
|
|
5. If a token expires during an evaluation, the provider automatically reconnects with a fresh token
|
|
|
|
### Token Refresh
|
|
|
|
The MCP provider implements proactive token refresh:
|
|
|
|
- Tokens are refreshed 60 seconds before expiration
|
|
- Concurrent requests share the same refresh operation (no duplicate token fetches)
|
|
- If a 401 error occurs, the provider automatically refreshes and retries
|
|
|
|
## Other Authentication Methods
|
|
|
|
The MCP provider also supports these authentication types:
|
|
|
|
### Bearer Token
|
|
|
|
```yaml
|
|
server:
|
|
url: https://mcp-server.example.com
|
|
auth:
|
|
type: bearer
|
|
token: '{{env.MCP_BEARER_TOKEN}}'
|
|
```
|
|
|
|
### Basic Authentication
|
|
|
|
```yaml
|
|
server:
|
|
url: https://mcp-server.example.com
|
|
auth:
|
|
type: basic
|
|
username: '{{env.MCP_USERNAME}}'
|
|
password: '{{env.MCP_PASSWORD}}'
|
|
```
|
|
|
|
### API Key
|
|
|
|
```yaml
|
|
server:
|
|
url: https://mcp-server.example.com
|
|
auth:
|
|
type: api_key
|
|
value: '{{env.MCP_API_KEY}}'
|
|
placement: header # or 'query'
|
|
keyName: X-API-Key # header/param name
|
|
```
|
|
|
|
### OAuth Password Grant
|
|
|
|
```yaml
|
|
server:
|
|
url: https://mcp-server.example.com
|
|
auth:
|
|
type: oauth
|
|
grantType: password
|
|
tokenUrl: https://auth.example.com/token
|
|
username: '{{env.MCP_USERNAME}}'
|
|
password: '{{env.MCP_PASSWORD}}'
|
|
clientId: '{{env.MCP_CLIENT_ID}}' # optional
|
|
clientSecret: '{{env.MCP_CLIENT_SECRET}}' # optional
|
|
scopes: ['read', 'write']
|
|
```
|
|
|
|
## Security Best Practices
|
|
|
|
- **Never commit credentials** to version control
|
|
- **Use environment variables** for all sensitive values
|
|
- **Use the most restrictive scopes** necessary for OAuth
|
|
- **Rotate credentials regularly** in production environments
|
|
|
|
## Customizing for Your MCP Server
|
|
|
|
To use this example with your own MCP server:
|
|
|
|
1. Update the `url` to point to your MCP server endpoint
|
|
2. Update the `tokenUrl` for OAuth authentication
|
|
3. Set the appropriate environment variables
|
|
4. Adjust the `redteam.purpose` to describe your system
|
|
5. Configure the appropriate plugins for your security testing needs
|
|
|
|
For more information, see the [MCP Provider documentation](/docs/providers/mcp) and [Red Team documentation](/docs/red-team/getting-started).
|