feat(backend): Add API Key authentication to /mcp-sdk endpoint

This commit adds API Key authentication support for the Microsoft MCP SDK
endpoint at /mcp-sdk, ensuring secure access control.

Changes:
- Fix ApiKeyPermissions deserialization bug by making constructor public
- Create McpApiKeyAuthenticationHandler for ASP.NET Core authentication
- Add AddMcpApiKeyAuthentication extension method for scheme registration
- Configure RequireMcpApiKey authorization policy in Program.cs
- Apply authentication to /mcp-sdk endpoint with RequireAuthorization()

Authentication validates API keys from the Authorization header (Bearer token),
sets the user context (TenantId, UserId, Permissions), and returns a 401 JSON-RPC
error on failure.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
Yaojia Wang
2025-11-23 15:14:09 +01:00
parent 34a379750f
commit b38a9d16fa
4 changed files with 174 additions and 5 deletions


@@ -3,11 +3,13 @@ using ColaFlow.Modules.Mcp.Application.Resources;
using ColaFlow.Modules.Mcp.Application.Services;
using ColaFlow.Modules.Mcp.Contracts.Resources;
using ColaFlow.Modules.Mcp.Domain.Repositories;
using ColaFlow.Modules.Mcp.Infrastructure.Authentication;
using ColaFlow.Modules.Mcp.Infrastructure.BackgroundServices;
using ColaFlow.Modules.Mcp.Infrastructure.Middleware;
using ColaFlow.Modules.Mcp.Infrastructure.Persistence;
using ColaFlow.Modules.Mcp.Infrastructure.Persistence.Repositories;
using ColaFlow.Modules.Mcp.Infrastructure.Services;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Builder;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
@@ -79,6 +81,19 @@ public static class McpServiceExtensions
return services;
}
/// <summary>
/// Adds MCP API Key authentication scheme to the authentication builder.
/// This enables the /mcp-sdk endpoint to use API Key authentication.
/// </summary>
public static AuthenticationBuilder AddMcpApiKeyAuthentication(
this AuthenticationBuilder builder,
Action<McpApiKeyAuthenticationOptions>? configureOptions = null)
{
return builder.AddScheme<McpApiKeyAuthenticationOptions, McpApiKeyAuthenticationHandler>(
McpApiKeyAuthenticationOptions.DefaultScheme,
configureOptions ?? (_ => { }));
}
/// <summary>
/// Adds MCP middleware to the application pipeline
/// IMPORTANT: Middleware order matters - must be in this sequence:
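Review bot: The XML summary on `AddMcpApiKeyAuthentication` does not say that the call only registers the scheme under `McpApiKeyAuthenticationOptions.DefaultScheme` and does not make it the application's default scheme. An authorization policy that omits the scheme name would then be evaluated against whatever default scheme is configured rather than the API-key handler. Program.cs and the `RequireMcpApiKey` policy are not visible in this section, so whether the policy names the scheme cannot be confirmed from here. I would add `/// <remarks>Registers the scheme only; policies must list McpApiKeyAuthenticationOptions.DefaultScheme in AuthenticationSchemes.</remarks>` together with `<param>` and `<returns>` tags for `builder` and `configureOptions`. A guard such as `ArgumentNullException.ThrowIfNull(builder);` at the top of the method would also make a mis-wired call fail with a clear message.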