Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

feat: implement RFC 6750 Bearer token authentication#18644

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Conversation

@ThomasK33
Copy link
Member

Add RFC 6750 Bearer Token Authentication Support

This PR implements RFC 6750 Bearer Token authentication as an additional authentication method for Coder's API. This allows clients to authenticate using standard OAuth 2.0 Bearer tokens in two ways:

  1. Using theAuthorization: Bearer <token> header
  2. Using theaccess_token query parameter

Key changes:

  • Added support for extracting tokens from both Bearer headers and access_token query parameters
  • Implemented proper WWW-Authenticate headers for 401/403 responses with appropriate error descriptions
  • Added comprehensive test coverage for the new authentication methods
  • Updated the OAuth2 protected resource metadata endpoint to advertise Bearer token support
  • Enhanced the OAuth2 testing script to verify Bearer token functionality

These authentication methods are added as fallback options, maintaining backward compatibility with Coder's existing authentication mechanisms. The existing authentication methods (cookies, session token header, etc.) still take precedence.

This implementation follows the OAuth 2.0 Bearer Token specification (RFC 6750) and improves interoperability with standard OAuth 2.0 clients.

@ThomasK33Graphite App
Copy link
MemberAuthor

ThomasK33 commentedJun 27, 2025
edited
Loading

This stack of pull requests is managed byGraphite. Learn more aboutstacking.

@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_6750_bearer_token_support_for_mcp_compliance branch fromff83df4 to3665807CompareJune 27, 2025 17:02
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_9728_protected_resource_metadata_endpoint branch from5898895 to5be6c6aCompareJune 27, 2025 17:02
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_6750_bearer_token_support_for_mcp_compliance branch from3665807 to56126ddCompareJune 27, 2025 17:11
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_9728_protected_resource_metadata_endpoint branch from5be6c6a tofded148CompareJune 27, 2025 17:29
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_6750_bearer_token_support_for_mcp_compliance branch 2 times, most recently fromfca6b9a to68baa21CompareJune 27, 2025 17:54
@ThomasK33ThomasK33 marked this pull request as ready for reviewJune 29, 2025 11:14
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_6750_bearer_token_support_for_mcp_compliance branch from68baa21 to578e708CompareJune 30, 2025 11:06
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_9728_protected_resource_metadata_endpoint branch 2 times, most recently from9b7f5d9 to7ef25b1CompareJune 30, 2025 11:49
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_6750_bearer_token_support_for_mcp_compliance branch from578e708 to26c0eebCompareJune 30, 2025 11:49
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_9728_protected_resource_metadata_endpoint branch from7ef25b1 tof0608bcCompareJune 30, 2025 12:02
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_6750_bearer_token_support_for_mcp_compliance branch from26c0eeb to7b70f7fCompareJune 30, 2025 12:02
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_9728_protected_resource_metadata_endpoint branch fromf0608bc toc68a923CompareJune 30, 2025 12:31
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_6750_bearer_token_support_for_mcp_compliance branch from7b70f7f to1a9400eCompareJune 30, 2025 12:31
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_9728_protected_resource_metadata_endpoint branch fromc68a923 tof55771aCompareJune 30, 2025 12:46
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_6750_bearer_token_support_for_mcp_compliance branch 2 times, most recently from5f946b1 to14d91acCompareJune 30, 2025 12:53
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_9728_protected_resource_metadata_endpoint branch fromf55771a to34af681CompareJune 30, 2025 12:53
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_9728_protected_resource_metadata_endpoint branch froma239eaa to4ca3595CompareJuly 1, 2025 16:56
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_6750_bearer_token_support_for_mcp_compliance branch 2 times, most recently fromdd8ddee to54580faCompareJuly 1, 2025 17:18
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_9728_protected_resource_metadata_endpoint branch from4ca3595 to23374cdCompareJuly 1, 2025 17:18
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_6750_bearer_token_support_for_mcp_compliance branch from54580fa to21cdd55CompareJuly 1, 2025 19:54
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_9728_protected_resource_metadata_endpoint branch 2 times, most recently from43fcceb todb5e215CompareJuly 1, 2025 20:14
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_6750_bearer_token_support_for_mcp_compliance branch from21cdd55 to2410fd8CompareJuly 1, 2025 20:14
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_9728_protected_resource_metadata_endpoint branch fromdb5e215 to953036fCompareJuly 2, 2025 12:08
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_6750_bearer_token_support_for_mcp_compliance branch from2410fd8 to7eb343bCompareJuly 2, 2025 12:08
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_6750_bearer_token_support_for_mcp_compliance branch from7eb343b to3760dd0CompareJuly 2, 2025 12:25
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_9728_protected_resource_metadata_endpoint branch 2 times, most recently from22c2dc6 to14e6e22CompareJuly 2, 2025 15:49
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_6750_bearer_token_support_for_mcp_compliance branch from3760dd0 to2a41a65CompareJuly 2, 2025 15:50
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_9728_protected_resource_metadata_endpoint branch from14e6e22 to5791cb0CompareJuly 2, 2025 16:35
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_6750_bearer_token_support_for_mcp_compliance branch from2a41a65 to52c88e0CompareJuly 2, 2025 16:35
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_9728_protected_resource_metadata_endpoint branch 2 times, most recently from7e0ce8a to59b7a9dCompareJuly 2, 2025 16:44
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_6750_bearer_token_support_for_mcp_compliance branch from52c88e0 to4799b4bCompareJuly 2, 2025 16:44
@ThomasK33ThomasK33 changed the base branch fromthomask33/06-27-feat_oauth2_implement_rfc_9728_protected_resource_metadata_endpoint tographite-base/18644July 2, 2025 16:58
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_6750_bearer_token_support_for_mcp_compliance branch from4799b4b toa07ba99CompareJuly 2, 2025 16:58
@graphite-appgraphite-appbot changed the base branch fromgraphite-base/18644 tomainJuly 2, 2025 16:59
- Add RFC 6750 bearer token extraction to APITokenFromRequest as fallback methods- Support Authorization: Bearer <token> header and access_token query parameter- Maintain backward compatibility by prioritizing existing custom methods first- Add WWW-Authenticate headers to 401/403 responses per RFC 6750- Update Protected Resource Metadata to advertise bearer_methods_supported- Add comprehensive test suite for RFC 6750 compliance in rfc6750_test.go- Update MCP test scripts with bearer token authentication tests- Enhance CLAUDE.md with improved Go LSP tool usage guidelinesImplements RFC 6750 Section 2.1 (Authorization Request Header Field) and 2.3 (URI Query Parameter).Maintains full backward compatibility with existing Coder authentication methods.Completes major MCP OAuth2 compliance milestone.Change-Id: Ic9c9057153b40728ad91b377d753a7ffd566add7Signed-off-by: Thomas Kosiewski <tk@coder.com>
@ThomasK33ThomasK33force-pushed thethomask33/06-27-feat_oauth2_implement_rfc_6750_bearer_token_support_for_mcp_compliance branch froma07ba99 to5c1b9f6CompareJuly 2, 2025 16:59
@ThomasK33ThomasK33 merged commit09c5055 intomainJul 2, 2025
36 of 55 checks passed
@ThomasK33Graphite App
Copy link
MemberAuthor

Merge activity

@ThomasK33ThomasK33 deleted the thomask33/06-27-feat_oauth2_implement_rfc_6750_bearer_token_support_for_mcp_compliance branchJuly 2, 2025 17:14
@github-actionsgithub-actionsbot locked and limited conversation to collaboratorsJul 2, 2025
Sign up for freeto subscribe to this conversation on GitHub. Already have an account?Sign in.

Reviewers

Copilot code reviewCopilotCopilot left review comments

@johnstcnjohnstcnjohnstcn approved these changes

@EmyrkEmyrkEmyrk approved these changes

Assignees

@ThomasK33ThomasK33

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ThomasK33@johnstcn@Emyrk
[8]ページ先頭
©2009-2025 Movatter.jp