Documentation
Index
- Variables
- type JWTClaims
- type JWTManager
- func (j *JWTManager) GenerateTokenResponse(_ context.Context, claims JWTClaims) (*TokenResponse, error)
- func (j *JWTManager) HasPermission(resource string, action PermissionAction, permissions []Permission) bool
- func (j *JWTManager) ValidateToken(_ context.Context, tokenString string) (*JWTClaims, error)
- type Method
- type Permission
- type PermissionAction
- type TokenResponse
Constants
This section is empty.
Variables
var BlockedNamespaces = []string{}
BlockedNamespaces contains a list of namespaces that are not allowed to publish packages. This is used as a denylist mechanism to prevent abuse.
Functions
This section is empty.
Types
type JWTClaims
type JWTClaims struct {
	jwt.RegisteredClaims
	// Authentication method used to obtain this token
	AuthMethod        Method       `json:"auth_method"`
	AuthMethodSubject string       `json:"auth_method_sub"`
	Permissions       []Permission `json:"permissions"`
}
JWTClaims represents the claims for the Registry JWT token
type JWTManager
type JWTManager struct {
// contains filtered or unexported fields
}
JWTManager handles JWT token operations
func NewJWTManager
func NewJWTManager(cfg *config.Config) *JWTManager
func (*JWTManager) GenerateTokenResponse
func (j *JWTManager) GenerateTokenResponse(_ context.Context, claims JWTClaims) (*TokenResponse, error)
GenerateToken generates a new Registry JWT token
func (*JWTManager) HasPermission
func (j *JWTManager) HasPermission(resource string, action PermissionAction, permissions []Permission) bool
func (*JWTManager) ValidateToken
ValidateToken validates a Registry JWT token and returns the claims
type Method
type Method string
Method represents the authentication method used
const (
	// GitHub OAuth authentication (access token)
	MethodGitHubAT Method = "github-at"
	// GitHub Actions OIDC authentication
	MethodGitHubOIDC Method = "github-oidc"
	// Generic OIDC authentication
	MethodOIDC Method = "oidc"
	// DNS-based public/private key authentication
	MethodDNS Method = "dns"
	// HTTP-based public/private key authentication
	MethodHTTP Method = "http"
	// No authentication - should only be used for local development and testing
	MethodNone Method = "none"
)
type Permission
type Permission struct {
	Action          PermissionAction `json:"action"`   // The action type (publish or edit)
	ResourcePattern string           `json:"resource"` // e.g., "io.github.username/*"
}
type PermissionAction
type PermissionAction string
PermissionAction represents the type of action that can be performed
const (
	PermissionActionPublish PermissionAction = "publish"
	// Intended for admins taking moderation actions only, at least for now
	PermissionActionEdit PermissionAction = "edit"
)
type TokenResponse