Commit b5736d4

docs: update README to mention OIDC support in authentication description (#44)
1 parent 64e643b commit b5736d4

1 file changed

Lines changed: 28 additions & 28 deletions

README.md

@@ -90,7 +90,7 @@ This will automatically obtain and manage Let's Encrypt TLS certificates for you
9090

9191
MCP Auth Proxy is a secure OAuth 2.1 authentication proxy for Model Context Protocol (MCP) servers. MCP servers are expected to support not only standard OAuth 2.1 flows but also Dynamic Client support (e.g., dynamic client registration) and authentication-related .well-known metadata. On top of that, different MCP clients handle tokens differently, which makes implementation tricky.
9292

93-
MCP Auth Proxy sits in front of your MCP services and enforces sign-in with OAuth providers (such as Google or GitHub) or password before users can access protected MCP resources.
93+
MCP Auth Proxy sits in front of your MCP services and enforces sign-in with OAuth providers (such as Google or GitHub or OIDC) or password before users can access protected MCP resources.
9494

9595
## Note
9696
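
Review bot: on the changed line 93, "(such as Google or GitHub or OIDC)" lists OIDC as if it were a third named provider next to Google and GitHub, but OIDC is a protocol that any compliant identity provider can speak. Suggest wording along the lines of "OAuth providers (such as Google or GitHub), any OIDC provider, or a password", which says what kinds of sign-in are accepted and also removes the doubled "or".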

@@ -100,34 +100,34 @@ For a simpler approach to publish local MCP servers over OAuth, consider [MCP Wa
100100

101101
### Environment Variables
102102

103-
| Variable | Required | Description | Default |
104-
| ---------------------- | -------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------ |
105-
| `LISTEN` | No | Server listen address | `:80` |
106-
| `TLS_LISTEN` | No | Address to listen on for TLS | `:443` |
107-
| `AUTO_TLS` | No | Automatically setup TLS certificates from externalURL | `true` |
108-
| `TLS_HOST` | No | Host name for automatic TLS certificate | - |
109-
| `TLS_DIRECTORY_URL` | No | ACME directory URL for TLS certificates | `https://acme-v02.api.letsencrypt.org/directory` |
110-
| `TLS_ACCEPT_TOS` | No | Accept TLS terms of service | `false` |
111-
| `DATA_PATH` | No | Data directory path | `./data` |
112-
| `EXTERNAL_URL` | No | External URL for OAuth callbacks | `http://localhost` |
113-
| `GOOGLE_CLIENT_ID` | No | Google OAuth client ID | - |
114-
| `GOOGLE_CLIENT_SECRET` | No | Google OAuth client secret | - |
115-
| `GOOGLE_ALLOWED_USERS` | No | Comma-separated list of allowed Google emails | - |
116-
| `GITHUB_CLIENT_ID` | No | GitHub OAuth client ID | - |
117-
| `GITHUB_CLIENT_SECRET` | No | GitHub OAuth client secret | - |
118-
| `GITHUB_ALLOWED_USERS` | No | Comma-separated list of allowed GitHub usernames | - |
103+
| Variable | Required | Description | Default |
104+
| ------------------------ | -------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------ |
105+
| `LISTEN` | No | Server listen address | `:80` |
106+
| `TLS_LISTEN` | No | Address to listen on for TLS | `:443` |
107+
| `AUTO_TLS` | No | Automatically setup TLS certificates from externalURL | `true` |
108+
| `TLS_HOST` | No | Host name for automatic TLS certificate | - |
109+
| `TLS_DIRECTORY_URL` | No | ACME directory URL for TLS certificates | `https://acme-v02.api.letsencrypt.org/directory` |
110+
| `TLS_ACCEPT_TOS` | No | Accept TLS terms of service | `false` |
111+
| `DATA_PATH` | No | Data directory path | `./data` |
112+
| `EXTERNAL_URL` | No | External URL for OAuth callbacks | `http://localhost` |
113+
| `GOOGLE_CLIENT_ID` | No | Google OAuth client ID | - |
114+
| `GOOGLE_CLIENT_SECRET` | No | Google OAuth client secret | - |
115+
| `GOOGLE_ALLOWED_USERS` | No | Comma-separated list of allowed Google emails | - |
116+
| `GITHUB_CLIENT_ID` | No | GitHub OAuth client ID | - |
117+
| `GITHUB_CLIENT_SECRET` | No | GitHub OAuth client secret | - |
118+
| `GITHUB_ALLOWED_USERS` | No | Comma-separated list of allowed GitHub usernames | - |
119119
| `OIDC_CONFIGURATION_URL` | No | OIDC configuration URL | - |
120-
| `OIDC_CLIENT_ID` | No | OIDC client ID | - |
121-
| `OIDC_CLIENT_SECRET` | No | OIDC client secret | - |
122-
| `OIDC_SCOPES` | No | Comma-separated list of OIDC scopes | `openid,profile,email` |
123-
| `OIDC_USER_ID_FIELD` | No | JSON pointer to user ID field in userinfo endpoint response | `/email` |
124-
| `OIDC_PROVIDER_NAME` | No | Display name for OIDC provider | `OIDC` |
125-
| `OIDC_ALLOWED_USERS` | No | Comma-separated list of allowed OIDC users | - |
126-
| `PASSWORD` | No | Plain text password (will be hashed with bcrypt) | - |
127-
| `PASSWORD_HASH` | No | Bcrypt hash of password for authentication | - |
128-
| `PROXY_BEARER_TOKEN` | No | Bearer token to add to Authorization header when proxying requests | - |
129-
| `PROXY_HEADERS` | No | Comma-separated list of headers to add when proxying requests (format: Header1:Value1,Header2:Value2) | - |
130-
| `MODE` | No | Set to `debug` for development mode | `production` |
120+
| `OIDC_CLIENT_ID` | No | OIDC client ID | - |
121+
| `OIDC_CLIENT_SECRET` | No | OIDC client secret | - |
122+
| `OIDC_SCOPES` | No | Comma-separated list of OIDC scopes | `openid,profile,email` |
123+
| `OIDC_USER_ID_FIELD` | No | JSON pointer to user ID field in userinfo endpoint response | `/email` |
124+
| `OIDC_PROVIDER_NAME` | No | Display name for OIDC provider | `OIDC` |
125+
| `OIDC_ALLOWED_USERS` | No | Comma-separated list of allowed OIDC users | - |
126+
| `PASSWORD` | No | Plain text password (will be hashed with bcrypt) | - |
127+
| `PASSWORD_HASH` | No | Bcrypt hash of password for authentication | - |
128+
| `PROXY_BEARER_TOKEN` | No | Bearer token to add to Authorization header when proxying requests | - |
129+
| `PROXY_HEADERS` | No | Comma-separated list of headers to add when proxying requests (format: Header1:Value1,Header2:Value2) | - |
130+
| `MODE` | No | Set to `debug` for development mode | `production` |
131131

132132
### OAuth Provider Setup
133133
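
Review bot: the `OIDC_ALLOWED_USERS` row (line 125) says only "Comma-separated list of allowed OIDC users" and does not say which value the entries are compared against, unlike the Google row (emails) and the GitHub row (usernames). Since `OIDC_USER_ID_FIELD` defaults to `/email`, state in the description that the list is matched against that field, if that is the behaviour, so an operator who changes the pointer knows the allowlist entries have to change with it. Separately, every row in this hunk is re-emitted only to widen the first column (the separator row goes from 22 to 24 dashes), which accounts for nearly all of the 28 changed lines and is not mentioned in the commit message; consider putting the realignment in its own commit. While the rows are being touched, "setup" in the `AUTO_TLS` description should be "set up" and "externalURL" should read `EXTERNAL_URL`.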
