
vMCP: implement upstream_inject outgoing auth strategy #3925

@jhrozek


Overview

This epic implements the upstream_inject outgoing auth strategy for vMCP (RFC-0054). The strategy reads upstream IDP access tokens from identity.UpstreamTokens (a map[string]string populated by the embedded authorization server in Mode B) and injects them as Authorization: Bearer headers on outgoing backend requests. It also extends token_exchange with an optional SubjectProviderName field for RFC 8693 subject resolution from upstream provider tokens.

Background

RFC-0052 extended the auth middleware to populate identity.UpstreamTokens after TH-JWT validation, and RFC-0053 wired the embedded AS into vMCP. However, no outgoing auth strategy currently consumes those upstream tokens — backends requiring upstream provider credentials (e.g., a GitHub MCP server needing a GitHub access token) cannot receive them. This epic completes the pipeline by adding the upstream_inject strategy and the startup validation rules V-01, V-02, and V-06 that guard against misconfiguration.

Task Breakdown

| Task ID  | Title                            | Depends On | GitHub Issue # |
|----------|----------------------------------|------------|----------------|
| TASK-001 | Phase 1: Core types and sentinel |            | #4144          |
| TASK-002 | Phase 2: Strategy implementations | TASK-001  | #4145          |
| TASK-003 | Phase 3: Startup validation      | TASK-001   | #4147          |
| TASK-004 | Phase 4: CRD and converter       | TASK-001   | #4146          |

Acceptance Criteria

  • upstream_inject strategy reads identity.UpstreamTokens[providerName] and injects Authorization: Bearer on outgoing backend requests
  • ErrUpstreamTokenNotFound sentinel is defined and returned (wrapped with %w) when the provider's token is absent
  • TokenExchangeStrategy uses the upstream provider token as subject when SubjectProviderName is set
  • Startup validation V-01 (no AS present), V-02 (provider not in AS upstream list), and V-06 (empty providerName) fail fast with descriptive errors
  • Kubernetes CRD supports type: upstreamInject with UpstreamInjectSpec.providerName
  • CRD TokenExchangeConfig supports subjectProviderName field
  • UpstreamInjectConverter converts CRD resources to BackendAuthStrategy
  • All new types have SPDX headers, kubebuilder markers, and deepcopy regenerated
  • All linked task issues completed
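The token lookup, sentinel error and V-06 check described above, written out as an added example that is not the vMCP project's own code: the Identity and UpstreamInjectStrategy types are assumed stand-ins for the real ones, and the "github" provider name and token value are constructed sample data.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// ErrUpstreamTokenNotFound is the sentinel returned when the identity carries no
// token for the requested upstream provider; callers match it with errors.Is.
var ErrUpstreamTokenNotFound = errors.New("upstream token not found")

// Identity is an assumed stand-in for the identity type the issue refers to;
// only the UpstreamTokens map (provider name -> access token) is modelled.
type Identity struct {
	UpstreamTokens map[string]string
}

// UpstreamInjectStrategy injects the named upstream provider's access token as a
// Bearer header on outgoing backend requests (assumed shape, not the project's).
type UpstreamInjectStrategy struct {
	ProviderName string
}

// Validate is the V-06 startup check: an empty providerName can never resolve
// a token, so fail fast at startup instead of on the first backend call.
func (s UpstreamInjectStrategy) Validate() error {
	if s.ProviderName == "" {
		return errors.New("upstream_inject: providerName must not be empty (V-06)")
	}
	return nil
}

// Authenticate sets "Authorization: Bearer <token>" on req, or returns an error
// wrapping ErrUpstreamTokenNotFound when the provider's token is absent.
func (s UpstreamInjectStrategy) Authenticate(id *Identity, req *http.Request) error {
	if id == nil {
		return fmt.Errorf("provider %q: no identity: %w", s.ProviderName, ErrUpstreamTokenNotFound)
	}
	tok, ok := id.UpstreamTokens[s.ProviderName]
	if !ok || tok == "" {
		return fmt.Errorf("provider %q: %w", s.ProviderName, ErrUpstreamTokenNotFound)
	}
	req.Header.Set("Authorization", "Bearer "+tok)
	return nil
}
```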

References

Labels

authentication, authorization, enhancement (New feature or request), go (Pull requests that update go code), vmcp (Virtual MCP Server related issues)
