Overview
This epic implements the `upstream_inject` outgoing auth strategy for vMCP (RFC-0054). The strategy reads upstream IDP access tokens from `identity.UpstreamTokens` (a `map[string]string` populated by the embedded authorization server in Mode B) and injects them as `Authorization: Bearer` headers on outgoing backend requests. It also extends `token_exchange` with an optional `SubjectProviderName` field for RFC 8693 subject resolution from upstream provider tokens.
Background
RFC-0052 extended the auth middleware to populate `identity.UpstreamTokens` after TH-JWT validation, and RFC-0053 wired the embedded AS into vMCP. However, no outgoing auth strategy currently consumes those upstream tokens — backends requiring upstream provider credentials (e.g., a GitHub MCP server needing a GitHub access token) cannot receive them. This epic completes the pipeline by adding the `upstream_inject` strategy and the startup validation rules V-01, V-02, and V-06 that guard against misconfiguration.
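The injection and sentinel-error behaviour described above, as an added illustration (not the project's own code): the `Identity` and `UpstreamInjectStrategy` type names are assumptions, only `ErrUpstreamTokenNotFound`, `identity.UpstreamTokens` and the `%w` wrapping come from the epic, and the empty-token check is a defensive choice of this example.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// ErrUpstreamTokenNotFound is the sentinel returned (wrapped with %w) when
// the identity carries no token for the configured provider.
var ErrUpstreamTokenNotFound = errors.New("upstream token not found")

// Identity stands in (hypothetical type) for the identity the auth middleware
// attaches to a request after TH-JWT validation; only UpstreamTokens matters here.
type Identity struct {
	UpstreamTokens map[string]string // provider name -> upstream IDP access token
}

// UpstreamInjectStrategy (hypothetical type name) injects the upstream IDP
// token for ProviderName as a bearer token on the outgoing backend request.
type UpstreamInjectStrategy struct {
	ProviderName string
}

// Authenticate sets the Authorization header from identity.UpstreamTokens.
// A missing token (or an empty one, a defensive assumption of this example)
// is reported by wrapping the sentinel so callers can match it with errors.Is.
func (s *UpstreamInjectStrategy) Authenticate(req *http.Request, id *Identity) error {
	if id == nil {
		return fmt.Errorf("upstream_inject %q: no identity on request: %w", s.ProviderName, ErrUpstreamTokenNotFound)
	}
	tok, ok := id.UpstreamTokens[s.ProviderName] // nil map lookup is safe in Go
	if !ok || tok == "" {
		return fmt.Errorf("upstream_inject %q: %w", s.ProviderName, ErrUpstreamTokenNotFound)
	}
	// Set, not Add: never forward a client-supplied Authorization header alongside ours.
	req.Header.Set("Authorization", "Bearer "+tok)
	return nil
}

func main() {
	// Constructed sample: the identity holds a GitHub token but the backend is configured for "gitlab".
	id := &Identity{UpstreamTokens: map[string]string{"github": "gho_constructed_example"}}
	req, _ := http.NewRequest(http.MethodGet, "http://backend.internal/mcp", nil)
	err := (&UpstreamInjectStrategy{ProviderName: "gitlab"}).Authenticate(req, id)
	fmt.Println(errors.Is(err, ErrUpstreamTokenNotFound)) // true
}
```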
Task Breakdown
| Task ID | Title | Depends On | GitHub Issue # |
|---|---|---|---|
| TASK-001 | Phase 1: Core types and sentinel | — | #4144 |
| TASK-002 | Phase 2: Strategy implementations | TASK-001 | #4145 |
| TASK-003 | Phase 3: Startup validation | TASK-001 | #4147 |
| TASK-004 | Phase 4: CRD and converter | TASK-001 | #4146 |
Acceptance Criteria
- `upstream_inject` strategy reads `identity.UpstreamTokens[providerName]` and injects `Authorization: Bearer` on outgoing backend requests
- `ErrUpstreamTokenNotFound` sentinel is defined and returned (wrapped with `%w`) when the provider's token is absent
- `TokenExchangeStrategy` uses the upstream provider token as subject when `SubjectProviderName` is set
- `type: upstreamInject` with `UpstreamInjectSpec.providerName`
- `TokenExchangeConfig` supports `subjectProviderName` field
- `UpstreamInjectConverter` converts CRD resources to `BackendAuthStrategy`
References