feat: support oauth#214
Conversation
|
My main point here is that we currently have to pass accessToken everywhere so the client can retrieve it. We may want to find a way to avoid 'prop drilling.' One idea is to create a context for every request using Ex. function runWithAccessToken(accessToken, callback) { This would have to be inserted in export function getAccessToken() { This would require a decent amount of changes. Maybe there's a better approach out there, so I'll leave it up to you to decide whether to fix the 'prop drilling' here or handle it as an action item later. |
| throw new Error(`Invalid audience: expected ${audience}`); | ||
| } | ||
|
|
||
| console.log('Access token verified successfully.'); |
There was a problem hiding this comment.
Similar to https://github.com/GoogleCloudPlatform/cloud-run-mcp/pull/214/changes#r2764520428. I think we can get rid of all consoles for this function.
| export const oauthMiddleware = async (req, res, next) => { | ||
| //If OAUTH_ENABLED is not true or the request is not a tools/call, skip the middleware | ||
| if ( | ||
| process.env.OAUTH_ENABLED !== 'true' || |
There was a problem hiding this comment.
QQ: Will OAUTH_ENABLED will always be a string?
There was a problem hiding this comment.
Its coming from env file. GCP_STDIO is also being checked in a similar fashion.
| import { extractAccessToken } from './lib/util/helpers.js'; | ||
| import { oauthMiddleware } from './lib/middleware/oauth.js'; | ||
| import { config } from '@dotenvx/dotenvx'; | ||
| config({ quiet: true, ignore: ['MISSING_ENV_FILE'] }); |
There was a problem hiding this comment.
Can we format this code? i.e.
It can be placed after all imports. And a comment can be added above its use to dictate its use.
No description provided.