MCP: Investigate OAuth token passthrough #32864
Description
We should have enough implemented to do authentication of requests as long as the client supplies a valid access token. (The part we're missing is the ability to tell the client how to obtain the access token if it doesn't already have one)
- Set up the miles of smiles demo with quarkus as the front-end and liberty as the backend MCP server
- Miles of smiles demo: https://quarkus.io/quarkus-workshop-langchain4j/step-08/
- Use this but use liberty as the MCP server, rather than quarkus
- Modifications to make it connect to ollama and liberty are on this branch: https://github.com/Azquelt/quarkus-workshop-langchain4j/tree/mcp-local-liberty
- Liberty application code: https://github.com/Azquelt/liberty-mcp-weather-demo
- Miles of smiles demo: https://quarkus.io/quarkus-workshop-langchain4j/step-08/
- Set up an additional liberty server to act as the authorization server
- Update the front-end to require authentication using an access token acquired from the liberty authorization server
- Set up token pass-through so that MCP requests are made using the same access token
- Update the back-end to require an access token to access the mcp endpoint
Other resources:
- Liberty client-server OAuth demo: https://github.com/Azquelt/liberty-oauth-example
- Liberty OAuth client docs: https://www.ibm.com/docs/en/was-liberty/core?topic=connect-configuring-oauth-20-protected-resources-in-liberty
- Liberty OAuth server docs: https://www.ibm.com/docs/en/was-liberty/core?topic=cocpil-using-openid-connect-provider-as-oauth-20-authorization-server (and parent topic)
Metadata
Metadata
Assignees
Labels
No labels