Skip to content

feat(auth): propagate end-user identity to upstream MCP servers#3152

Open
crivetimihai wants to merge 1 commit intomainfrom
identity-propagation
Open

feat(auth): propagate end-user identity to upstream MCP servers#3152
crivetimihai wants to merge 1 commit intomainfrom
identity-propagation

Conversation

@crivetimihai
Copy link
Copy Markdown
Member

@crivetimihai crivetimihai commented Feb 24, 2026
edited by jonpspri
Loading

Note: This PR was re-created from #2990 due to repository maintenance. Your code and branch are intact. @crivetimihai please verify everything looks good.

Summary

  • Adds secure, configurable end-user identity propagation from the gateway to upstream MCP servers via HTTP headers (X-Forwarded-User-*) and/or MCP _meta fields
  • Introduces UserContext model populated unconditionally from all auth paths (JWT, API key, basic, SSO, proxy), removing the include_user_info gate
  • Supports per-gateway configuration overrides, HMAC claim signing, and sensitive attribute filtering
  • Enriches audit trails with auth_method, acting_as, and delegation_chain fields
  • Feature-flagged via IDENTITY_PROPAGATION_ENABLED (default: false) — zero behavioral change for existing deployments

Changes

Core Implementation (8 phases)

  1. UserContext model on GlobalContext + always-on identity population from all auth paths
  2. Configuration: 6 new settings in config.py, per-gateway JSON override on Gateway model
  3. Propagation utility (mcpgateway/utils/identity_propagation.py): headers, meta, HMAC signing, filtering
  4. Proxy injection: identity forwarded in tool_service, resource_service, streamablehttp_transport (all code paths)
  5. Audit trail: 3 new columns (auth_method, acting_as, delegation_chain) + 2 Alembic migrations
  6. Plugin helpers: PluginContext.user_context, .user_email, .user_groups
  7. Session pool: identity headers in DEFAULT_IDENTITY_HEADERS for user isolation
  8. Rust runtime: identityMeta field on execution plans for _meta propagation via RMCP

Documentation & Configuration Surfaces

Tests

  • 77 unit tests with comprehensive diff coverage across all new code paths

Future Work

  • RFC 8693 token exchange on OAuthManager for on-behalf-of flows (deferred to a follow-up PR)

Closes #1436

@crivetimihai crivetimihai added this to the Release 1.0.0-GA milestone Feb 24, 2026
@crivetimihai crivetimihai added enhancement New feature or request security Improves security SHOULD P2: Important but not vital; high-value items that are not crucial for the immediate release labels Feb 24, 2026
@crivetimihai crivetimihai mentioned this pull request Feb 24, 2026
Closed
@crivetimihai @jonpspri
feat(auth): propagate end-user identity to upstream MCP servers (#1436)
f4f1f60 
Add secure, configurable identity propagation from the gateway to
upstream MCP servers. When enabled, the authenticated user's identity
(email, groups, roles, admin status, auth method) is forwarded via
HTTP headers (X-Forwarded-User-*) and/or MCP _meta fields.

Key changes:
- UserContext model on GlobalContext, always populated from all auth paths
- Identity propagation utility (headers, meta, HMAC signing, filtering)
- Per-gateway config overrides via identity_propagation JSON field
- Audit trail enriched with auth_method, acting_as, delegation_chain
- RFC 8693 token exchange on OAuthManager for on-behalf-of flows
- Session pool identity isolation via forwarded user headers
- Plugin convenience helpers (user_context, user_email, user_groups)
- ADR-041, dedicated docs page, full configuration surface coverage
- 77 unit tests with comprehensive diff coverage

Closes #1436

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
@jonpspri jonpspri force-pushed the identity-propagation branch from ced09d4 to f4f1f60 Compare March 23, 2026 11:36
@jonpspri
Copy link
Copy Markdown
Collaborator

jonpspri commented Mar 23, 2026

@crivetimihai I have the pen on this one. Need to extend to other areas of the codebase.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kevalmahajan kevalmahajan Awaiting requested review from kevalmahajan kevalmahajan is a code owner

@madhav165 madhav165 Awaiting requested review from madhav165 madhav165 is a code owner

@araujof araujof Awaiting requested review from araujof araujof is a code owner

@terylt terylt Awaiting requested review from terylt terylt is a code owner

@jonpspri jonpspri Awaiting requested review from jonpspri jonpspri is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

enhancement New feature or request security Improves security SHOULD P2: Important but not vital; high-value items that are not crucial for the immediate release

Projects

None yet

Milestone

Release 1.0.0-RC3

Development

Successfully merging this pull request may close these issues.

[FEATURE][AUTH]: Propagate end user identity and context through the CF workflow

2 participants

@crivetimihai @jonpspri