Basic OAuth 2.1 Authorization

```mermaid
sequenceDiagram
    participant B as User (Browser)
    participant C as LibreChat
    participant M as MCP Server
    C->>M: MCP Request
    M->>C: HTTP 401 Unauthorized
    Note over C: Generate code_verifier and code_challenge
    C->>B: Open browser with authorization URL + code_challenge
    B->>M: GET /authorize
    Note over M: User logs in and authorizes
    M->>B: Redirect to callback URL with auth code
    B->>C: Callback with authorization code
    C->>M: Token Request with code + code_verifier
    M->>C: Access Token (+ Refresh Token)
    C->>M: MCP Request with Access Token
    Note over C,M: Begin standard MCP message exchange
```
Full Authorization Flow (w/ Endpoint Discovery)

```mermaid
sequenceDiagram
    participant B as User (Browser)
    participant C as LibreChat
    participant M as MCP Server
    C->>M: GET /.well-known/oauth-authorization-server
    alt Server Supports Discovery
        M->>C: Authorization Server Metadata
    else No Discovery
        M->>C: 404 (Use default endpoints)
    end
    alt Non-Localhost Redirect URI
        C->>M: POST /register
        M->>C: Client Credentials
    end
    Note over C: Generate PKCE Parameters
    C->>B: Open browser with authorization URL + code_challenge
    B->>M: Authorization Request
    Note over M: User authorizes
    M->>B: Redirect to callback with authorization code
    B->>C: Authorization code callback
    C->>M: Token Request + code_verifier
    M->>C: Access Token (+ Refresh Token)
    C->>M: API Requests with Access Token
```
Decision Flow

```mermaid
flowchart TD
    A[Start Auth Flow] --> B{Check Metadata Discovery}
    B -->|Available| C[Use Metadata Endpoints]
    B -->|Not Available| D[Use Default Endpoints]
    C --> E{Check Redirect URI}
    D --> E
    E -->|Localhost| F[Skip Registration]
    E -->|Non-localhost| G{Check Registration Endpoint}
    G -->|Available| H[Perform Dynamic Registration]
    G -->|Not Available| I[Alternative Registration Required]
    F --> J[Start OAuth Flow]
    H --> J
    I --> J
    J --> K[Generate PKCE Parameters]
    K --> L[Request Authorization]
    L --> M[User Authorization]
    M --> N[Exchange Code for Tokens]
    N --> O[Use Access Token]
```
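The discovery and registration branches of the two diagrams above, as an added example (not LibreChat's code): metadata lookup with fallback to default endpoints, the localhost check, and dynamic registration. The transport is an injectable synchronous stand-in for fetch() so every branch can be exercised offline; the fallback paths /authorize, /token and /register are the defaults the MCP draft specification names and are stated here as an assumption, and `fakeServer` is a constructed stand-in for an MCP server.

```javascript
// Added example, not LibreChat code: the Decision Flow above as one function.
// `transport({ method, url, body })` returns `{ status, body }` synchronously
// so the branching can be exercised offline; a real client would wrap fetch()
// and await it. The fallback paths are the MCP draft spec's defaults when
// metadata discovery is unavailable (assumption).
const DEFAULT_PATHS = {
  authorization_endpoint: "/authorize",
  token_endpoint: "/token",
  registration_endpoint: "/register",
};

// "Check Redirect URI": a loopback redirect URI means the client runs on the
// same host as the user's browser and takes the "Skip Registration" branch.
function isLocalhostRedirect(redirectUri) {
  const host = new URL(redirectUri).hostname;
  return host === "localhost" || host === "127.0.0.1" || host === "[::1]";
}

// "Check Metadata Discovery": GET /.well-known/oauth-authorization-server on
// the server's origin; a 404 means "Use Default Endpoints".
function discoverEndpoints(serverUrl, transport) {
  const origin = new URL(serverUrl).origin;
  const res = transport({ method: "GET", url: `${origin}/.well-known/oauth-authorization-server` });
  if (res.status === 200) {
    const md = res.body;
    if (!md.authorization_endpoint || !md.token_endpoint) {
      throw new Error("metadata document lacks required endpoints");
    }
    return { source: "metadata", ...md };
  }
  if (res.status === 404) {
    const defaults = {};
    for (const [k, p] of Object.entries(DEFAULT_PATHS)) defaults[k] = `${origin}${p}`;
    return { source: "defaults", ...defaults };
  }
  throw new Error(`unexpected status ${res.status} from metadata discovery`);
}

// "Check Registration Endpoint" -> "Perform Dynamic Registration" (RFC 7591):
// a public client registers its redirect URI and receives a client_id.
function registerClient(registrationEndpoint, redirectUri, transport) {
  const res = transport({
    method: "POST",
    url: registrationEndpoint,
    body: {
      client_name: "LibreChat",
      redirect_uris: [redirectUri],
      grant_types: ["authorization_code", "refresh_token"],
      response_types: ["code"],
      token_endpoint_auth_method: "none",
    },
  });
  if (res.status !== 201 && res.status !== 200) {
    throw new Error(`dynamic registration failed with status ${res.status}`);
  }
  if (!res.body || !res.body.client_id) throw new Error("registration response lacks client_id");
  return res.body.client_id;
}

// The flowchart from "Start Auth Flow" to "Start OAuth Flow": returns the
// endpoints to use, which branch was taken, and the client_id (null when the
// "Alternative Registration Required" branch leaves it to the operator).
function prepareAuthFlow({ serverUrl, redirectUri, transport, preconfiguredClientId = null }) {
  const ep = discoverEndpoints(serverUrl, transport);
  const result = {
    endpointsFrom: ep.source,
    authorizationEndpoint: ep.authorization_endpoint,
    tokenEndpoint: ep.token_endpoint,
    clientId: preconfiguredClientId,
  };
  if (isLocalhostRedirect(redirectUri)) {
    return { ...result, registration: "skipped" };
  }
  if (!ep.registration_endpoint) {
    return { ...result, registration: "alternative-required" };
  }
  const clientId = registerClient(ep.registration_endpoint, redirectUri, transport);
  return { ...result, registration: "dynamic", clientId };
}

// Constructed stand-in for an MCP server, used to exercise each branch offline.
function fakeServer({ metadata = null, acceptsRegistration = true } = {}) {
  return ({ method, url }) => {
    if (method === "GET" && url.endsWith("/.well-known/oauth-authorization-server")) {
      return metadata ? { status: 200, body: metadata } : { status: 404, body: null };
    }
    if (method === "POST" && url.endsWith("/register") && acceptsRegistration) {
      return { status: 201, body: { client_id: "dyn-client-1" } };
    }
    return { status: 404, body: null };
  };
}
```

Note that when metadata is present but carries no `registration_endpoint`, the function returns `registration: "alternative-required"` with `clientId: null`; that is the branch where a deployment must supply a pre-registered client_id through configuration rather than failing silently later at the authorization endpoint.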
Third-Party Authorization Flow

```mermaid
sequenceDiagram
    participant B as User (Browser)
    participant C as LibreChat
    participant M as MCP Server
    participant T as Third-Party Auth Server
    C->>M: Initial OAuth Request
    M->>B: Redirect to Third-Party /authorize
    B->>T: Authorization Request
    Note over T: User authorizes
    T->>B: Redirect to MCP Server callback
    B->>M: Authorization code
    M->>T: Exchange code for token
    T->>M: Third-party access token
    Note over M: Generate bound MCP token
    M->>B: Redirect to MCP Client callback
    B->>C: MCP authorization code
    C->>M: Exchange code for token
    M->>C: MCP access token
```
Code of Conduct
I agree to follow this project's Code of Conduct
What features would you like to see added?
LibreChat is a multiuser system. User context is normally stored in many third-party systems (OAuth resource servers) that support the OAuth2 authentication protocol. A lot of MCP servers are tailored to provide access to such third-party resource servers, which are multiuser as well. There is little chance that each user will be running his/her own MCP server with their own auth credentials for third-party resource servers.

MCP developed Authorization support recently. The full specification can be consulted at https://spec.modelcontextprotocol.io/specification/draft/basic/authorization/ (MCP Specification Revision: draft, as of this issue submission). The most complex and elaborate authorization flow is described in section 2.9, Third-Party Authorization Flow. Such a flow does allow a user to use an AI Agent that will attempt to use an MCP Tool, which will request Authorization that will be relayed to the user via the LibreChat UI. The user will be able to authorize with the OAuth2 resource server directly, and the MCP server will store the user's token for future use with the OAuth2 resource server while impersonating the user. Similarly, the MCP server will provide an OAuth2 token to LibreChat, which will have to store it in the user's settings storage for subsequent use, whenever the Agent "decides" to communicate with the MCP server again.

More details

NOTE: SSE MCP servers should normally be accessible both to LibreChat and to end users, since the Authorization flow requires the user's browser to access the OAuth endpoints of the server (Authorization Endpoint, Token Endpoint, and Registration Endpoint).

MCP Client Reference implementation: OAuth support for SSE modelcontextprotocol/inspector#131
Ref: Enhancement: Model Context Protocol (MCP) support #4876
Which components are impacted by your request?
Endpoints