One time auth for gateway #1407
Open
+99
β2
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Keval Mahajan <[email protected]>
Signed-off-by: Keval Mahajan <[email protected]>
Signed-off-by: Keval Mahajan <[email protected]>
Signed-off-by: Keval Mahajan <[email protected]>
Signed-off-by: Keval Mahajan <[email protected]>
Signed-off-by: Keval Mahajan <[email protected]>
Signed-off-by: Keval Mahajan <[email protected]>
rakdutta
approved these changes
Nov 11, 2025
Collaborator
rakdutta
left a comment
rakdutta
left a comment
There was a problem hiding this comment.
Testing Summary:
Verified and working as expected in the following scenarios:
- MCP with SSE transport β tested using both Bearer and Basic authentication.
- MCP with Streamable transport β tested using both Bearer and Basic authentication.
Tool testing is successful from both the Admin UI and the MCP Inspector (via Streamable transport on the virtual server).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
β¨ Feature / Enhancement PR
π Epic / Issue
Closes #1387
π Summary (1-2 sentences)
Added a one-time authentication configuration for adding MCP servers to the gateway. This feature allows users to access MCP servers via the gateway without storing credentials in the database. Instead of saving the credentials, users must configure them through passthrough headers.
This feature is helpful for someone who does not want to store the credentials in the gateway or cannot use vault plugin but still want to access the server via gateway through passthrough headers.
Key Changes:
X-Upstream-AuthorizationforAuthorizationheaders).Testing Steps:
π§ͺ Checks
make lintpassesmake testpassesπ Notes (optional)
graph LR A[User] --> B["Add MCP Server"] B --> C{"Enable One-Time Authentication?"} C -->|Yes| D["Do Not Store Credentials in DB"] C -->|No| E["Store Credentials in DB"] D --> F["Configure Passthrough Headers (X-Upstream-Authorization)"] F --> G["Create Virtual Server"] G --> H["Link to MCP Server"] H --> I["Add Authentication Headers"] I --> J["Test Connection"] J --> K["Successful Authentication"] E --> L["Create Virtual Server with Stored Credentials"] %% Define styling for steps (Dark mode colors) classDef step fill:#1e1e1e,stroke:#ffffff,stroke-width:2px,color:#f5f5f5; class A,B,C,D,E,F,G,H,I,J,K,L step;