diff --git a/.release-please-manifest.json b/.release-please-manifest.json
index 2be9c43..af55ef0 100644
--- a/.release-please-manifest.json
+++ b/.release-please-manifest.json
@@ -1,3 +1,3 @@
 {
- ".": "0.2.0"
+ ".": "0.2.1"
 }
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f571309..e74fec8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Changelog
+## [0.2.1](https://github.com/hyprmcp/mcp-gateway/compare/0.2.0...0.2.1) (2025-08-28)
+
+
+### Other
+
+* add config for DCR public/private client ([#36](https://github.com/hyprmcp/mcp-gateway/issues/36)) ([282db47](https://github.com/hyprmcp/mcp-gateway/commit/282db47db602f3f48fcf773af29f3bc96a71ef47))
+
 ## [0.2.0](https://github.com/hyprmcp/mcp-gateway/compare/0.1.2...0.2.0) (2025-08-27)
diff --git a/config/config.go b/config/config.go
index 68435fd..62ec6f2 100644
--- a/config/config.go
+++ b/config/config.go
@@ -18,10 +18,30 @@ type Config struct {
 }
 type Authorization struct {
- Server string `yaml:"server" json:"server"`
- ServerMetadataProxyEnabled bool `yaml:"serverMetadataProxyEnabled" json:"serverMetadataProxyEnabled"`
- AuthorizationProxyEnabled bool `yaml:"authorizationProxyEnabled" json:"authorizationProxyEnabled"`
- DynamicClientRegistrationEnabled bool `yaml:"dynamicClientRegistrationEnabled" json:"dynamicClientRegistrationEnabled"`
+ Server string `yaml:"server" json:"server"`
+ ServerMetadataProxyEnabled bool `yaml:"serverMetadataProxyEnabled" json:"serverMetadataProxyEnabled"`
+ AuthorizationProxyEnabled bool `yaml:"authorizationProxyEnabled" json:"authorizationProxyEnabled"`
+ // DynamicClientRegistrationEnabled
+ //
+ // Deprecated: use DynamicClientRegistration instead
+ DynamicClientRegistrationEnabled *bool `yaml:"dynamicClientRegistrationEnabled" json:"dynamicClientRegistrationEnabled"`
+ DynamicClientRegistration *DynamicClientRegistration `yaml:"dynamicClientRegistration" json:"dynamicClientRegistration"`
+}
+
+func (c *Authorization) GetDynamicClientRegistration() DynamicClientRegistration {
+ if c.DynamicClientRegistration != nil {
+ return *c.DynamicClientRegistration
+ } else if c.DynamicClientRegistrationEnabled != nil && *c.DynamicClientRegistrationEnabled {
+ return DynamicClientRegistration{true, true}
+ } else {
+ return DynamicClientRegistration{false, false}
+ }
+
+}
+
+type DynamicClientRegistration struct {
+ Enabled bool `yaml:"enabled" json:"enabled"`
+ PublicClient bool `yaml:"publicClient" json:"publicClient"`
 }
 type DexGRPCClient struct {
@@ -122,7 +142,7 @@ func (c *Config) Validate() error {
 return fmt.Errorf("authorization server is required")
 }
- if c.Authorization.DynamicClientRegistrationEnabled {
+ if c.Authorization.GetDynamicClientRegistration().Enabled {
 if !c.Authorization.ServerMetadataProxyEnabled {
 return fmt.Errorf("serverMetadataProxyEnabled must be true when dynamicClientRegistrationEnabled is true")
 }
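Review bot: In config/config.go, `GetDynamicClientRegistration` lets the new `dynamicClientRegistration` block win silently, so a config that still carries `dynamicClientRegistrationEnabled: false` alongside a new block with `enabled: true` exposes the registration endpoint without any warning; `Validate` is the natural place to reject or log a config that sets both keys. The positional literals `DynamicClientRegistration{true, true}` and `DynamicClientRegistration{false, false}` are easy to misread, and keyed fields such as `DynamicClientRegistration{Enabled: true, PublicClient: true}` would make it explicit that the legacy flag keeps issuing public clients. The method has no doc comment; `// GetDynamicClientRegistration returns the effective DCR settings, preferring DynamicClientRegistration over the deprecated DynamicClientRegistrationEnabled.` would record the precedence. The `else` branches after `return` and the blank line before the closing brace can be dropped.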
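Review bot: The error text kept as context in `Validate` (config/config.go, second hunk) still names `dynamicClientRegistrationEnabled`, which this commit deprecates, so an operator who enables DCR through the new `dynamicClientRegistration` block is told about a field they never set. A neutral wording such as `return fmt.Errorf("serverMetadataProxyEnabled must be true when dynamic client registration is enabled")` covers both keys. The rest of `Validate` lies outside the hunk, so whether other messages repeat the old name cannot be seen here.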
diff --git a/examples/who-am-i/docker-compose.yaml b/examples/who-am-i/docker-compose.yaml
index b757dfb..1548693 100644
--- a/examples/who-am-i/docker-compose.yaml
+++ b/examples/who-am-i/docker-compose.yaml
@@ -18,7 +18,7 @@ services:
 - .dex.secret.env
 gateway:
- image: ghcr.io/hyprmcp/mcp-gateway:0.2.0 # x-release-please-version
+ image: ghcr.io/hyprmcp/mcp-gateway:0.2.1 # x-release-please-version
 command: [ "serve",
@@ -40,7 +40,7 @@ services:
 required: true
 who-am-i:
- image: ghcr.io/hyprmcp/mcp-who-am-i:0.1.1
+ image: ghcr.io/hyprmcp/mcp-who-am-i:0.1.2
 ports:
 - 3000:3000
diff --git a/oauth/authorization_server_metadata.go b/oauth/authorization_server_metadata.go
index da6fd9a..f614a3c 100644
--- a/oauth/authorization_server_metadata.go
+++ b/oauth/authorization_server_metadata.go
@@ -22,7 +22,7 @@ func NewAuthorizationServerMetadataHandler(config *config.Config) http.Handler {
 http.Error(w, "Failed to retrieve authorization server metadata", http.StatusInternalServerError)
 }
- if config.Authorization.DynamicClientRegistrationEnabled {
+ if config.Authorization.GetDynamicClientRegistration().Enabled {
 if _, ok := metadata["registration_endpoint"]; !ok {
 registrationURI, _ := url.Parse(config.Host.String())
 registrationURI.Path = DynamicClientRegistrationPath
diff --git a/oauth/dynamic_client_registration.go b/oauth/dynamic_client_registration.go
index c09a1dd..e86b801 100644
--- a/oauth/dynamic_client_registration.go
+++ b/oauth/dynamic_client_registration.go
@@ -54,6 +54,10 @@ func NewDynamicClientRegistrationHandler(config *config.Config, meta map[string]
 Public: true,
 }
+ if !config.Authorization.GetDynamicClientRegistration().PublicClient {
+ client.Secret = genRandom()
+ }
+
 clientResponse, err := dexClient.CreateClient(r.Context(), &api.CreateClientReq{Client: &client})
 if err != nil {
 log.Get(r.Context()).Error(err, "failed to create client")
diff --git a/oauth/oauth.go b/oauth/oauth.go
index defcc4c..9432a03 100644
--- a/oauth/oauth.go
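Review bot: In oauth/authorization_server_metadata.go the context above the changed condition shows `http.Error(...)` followed directly by the closing brace with no `return`, so after a failed metadata fetch `NewAuthorizationServerMetadataHandler` appears to fall through into the registration-endpoint branch after the 500 has already been written; adding `return` after the `http.Error` call would stop that. The same context discards the error from `url.Parse(config.Host.String())` with `_`, and a nil result would panic on the following `registrationURI.Path = DynamicClientRegistrationPath`; checking the error is cheap even if a failure is unlikely for an already parsed host. The enclosing `if` and the handler body begin outside the hunk, so this should be confirmed against the full file.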
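Review bot: The new branch in `NewDynamicClientRegistrationHandler` (oauth/dynamic_client_registration.go) sets `client.Secret` for confidential registrations, but the literal just above still carries `Public: true`, so the client is created in Dex flagged as public while also holding a secret; unless that is deliberate, set `client.Public = false` inside the new `if` or add a comment explaining why the flag stays. `genRandom()` is defined outside the hunk, and the secret is only as strong as that helper: it should draw from `crypto/rand` with a length suited to a client secret, which the hunk does not show. It is also not visible here whether the registration response returns `client_secret` to the caller, without which a confidential client cannot authenticate. The handler body starts and ends outside the hunk.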
+++ b/oauth/oauth.go
@@ -63,7 +63,7 @@ func (mgr *Manager) Register(mux *http.ServeMux) error {
 mux.Handle(AuthorizationServerMetadataPath, NewAuthorizationServerMetadataHandler(mgr.config))
 }
- if mgr.config.Authorization.DynamicClientRegistrationEnabled {
+ if mgr.config.Authorization.GetDynamicClientRegistration().Enabled {
 if handler, err := NewDynamicClientRegistrationHandler(mgr.config, mgr.authServerMeta); err != nil {
 return err
 } else {