Documentation
¶
Index ¶
- Variables
- func ContextWithAuthToken(ctx context.Context, token string) context.Context
- func NewAuthRoundTripper(jar http.CookieJar, base http.RoundTripper, rejectTTL time.Duration) (*authtransport.RoundTripper, error)
- func NewAuthRoundTripperWithElicitation(jar http.CookieJar, base http.RoundTripper, rejectTTL time.Duration, ...) (*authtransport.RoundTripper, error)
- func NewAuthRoundTripperWithPrompt(jar http.CookieJar, base http.RoundTripper, rejectTTL time.Duration, ...) (*authtransport.RoundTripper, error)
- func NewClientWithAuthInterceptor(client *mcpclient.Client, rt *authtransport.RoundTripper) *mcpclient.Client
- func NewHeadlessAuthRoundTripper(jar http.CookieJar, base http.RoundTripper, rejectTTL time.Duration) (*authtransport.RoundTripper, error)
- func NewHeadlessFailureRoundTripper(inner http.RoundTripper) http.RoundTripper
- func NewOOBRoundTripper(inner http.RoundTripper, prompt OAuthPrompt) http.RoundTripper
- func OpenSSEWithAuth(ctx context.Context, open SSEOpenFunc, ...) (io.ReadCloser, *http.Response, error)
- func RunWithAuthReconnect(ctx context.Context, tokenFn func(context.Context) (string, time.Time, error), ...) error
- func SSEOpenHTTP(ctx context.Context, hc *http.Client, url string, token string, ...) (io.ReadCloser, *http.Response, error)
- func SubscribeWithAuth(ctx context.Context, client *mcpclient.Client, ...) (*schema.SubscribeResult, error)
- type HeadlessAuthRequiredError
- type OAuthMeta
- type OAuthPrompt
- type OSBrowserPrompt
- type SSEOpenFunc
- type SubscribeRunner
Constants ¶
This section is empty.
Variables ¶
var ErrHeadlessAuthRequired = errors.New("interactive MCP authentication required in headless mode")
Functions ¶
func ContextWithAuthToken ¶
ContextWithAuthToken returns a context that carries a bearer token for the auth RoundTripper.
func NewAuthRoundTripper ¶
func NewAuthRoundTripper(jar http.CookieJar, base http.RoundTripper, rejectTTL time.Duration) (*authtransport.RoundTripper, error)
NewAuthRoundTripper builds an auth RoundTripper configured for BFF exchange and cookie reuse.
func NewAuthRoundTripperWithElicitation ¶
func NewAuthRoundTripperWithElicitation(jar http.CookieJar, base http.RoundTripper, rejectTTL time.Duration, urlHandler authtransport.AuthURLHandler) (*authtransport.RoundTripper, error)
NewAuthRoundTripperWithElicitation builds an auth RoundTripper that surfaces OAuth authorization URLs via a callback instead of opening a CLI browser.
func NewAuthRoundTripperWithPrompt ¶
func NewAuthRoundTripperWithPrompt(jar http.CookieJar, base http.RoundTripper, rejectTTL time.Duration, prompt OAuthPrompt) (*authtransport.RoundTripper, error)
NewAuthRoundTripperWithPrompt wraps the provided base transport with an OOB prompt trigger and builds the auth RoundTripper on top.
func NewClientWithAuthInterceptor ¶
func NewClientWithAuthInterceptor(client *mcpclient.Client, rt *authtransport.RoundTripper) *mcpclient.Client
NewClientWithAuthInterceptor attaches an Authorizer that auto-retries once on 401.
func NewHeadlessAuthRoundTripper ¶ added in v0.1.2
func NewHeadlessAuthRoundTripper(jar http.CookieJar, base http.RoundTripper, rejectTTL time.Duration) (*authtransport.RoundTripper, error)
NewHeadlessAuthRoundTripper builds an auth RoundTripper for non-interactive runtimes such as scheduler/watchdog processes. It reuses cookies and context tokens but refuses to enter browser/OOB/BFF authentication flows.
func NewHeadlessFailureRoundTripper ¶ added in v0.1.2
func NewHeadlessFailureRoundTripper(inner http.RoundTripper) http.RoundTripper
NewHeadlessFailureRoundTripper wraps a transport so headless runtimes fail immediately when a 401 response advertises an interactive authorization URL.
func NewOOBRoundTripper ¶
func NewOOBRoundTripper(inner http.RoundTripper, prompt OAuthPrompt) http.RoundTripper
NewOOBRoundTripper wraps inner with an out-of-band prompt trigger.
func OpenSSEWithAuth ¶
func OpenSSEWithAuth(ctx context.Context, open SSEOpenFunc, tokenFn func(context.Context) (string, time.Time, error)) (io.ReadCloser, *http.Response, error)
OpenSSEWithAuth opens an SSE stream with bearer-first auth, and performs a single re-open on auth-related failures using a freshly obtained token. The provided open function should create a new HTTP request using the bearer token.
func RunWithAuthReconnect ¶
func RunWithAuthReconnect(ctx context.Context, tokenFn func(context.Context) (string, time.Time, error), reconnect func(context.Context) error, runner SubscribeRunner) error
RunWithAuthReconnect runs a streaming subscription with bearer-first auth and performs a single reconnect attempt using a fresh token when the first error is received from the runner. The reconnect callback should rebuild any underlying transports, if necessary.
func SSEOpenHTTP ¶
func SSEOpenHTTP(ctx context.Context, hc *http.Client, url string, token string, headers map[string]string) (io.ReadCloser, *http.Response, error)
SSEOpenHTTP opens an SSE stream with the provided http.Client (whose Transport should be an auth RoundTripper). It sets the Authorization header and standard SSE headers.
func SubscribeWithAuth ¶
func SubscribeWithAuth(ctx context.Context, client *mcpclient.Client, params *schema.SubscribeRequestParams, tokenFn func(context.Context) (string, time.Time, error)) (*schema.SubscribeResult, error)
SubscribeWithAuth performs a streamable subscription with bearer-first auth. It acquires a token via tokenFn, attaches it using WithAuthToken, and calls the client's Subscribe. The caller should configure the MCP client with an auth Authorizer + RoundTripper so a 401 at handshake triggers a single automatic retry.
Types ¶
type HeadlessAuthRequiredError ¶ added in v0.1.2
HeadlessAuthRequiredError indicates that a headless runtime hit an MCP auth flow that requires user interaction.
func (*HeadlessAuthRequiredError) Error ¶ added in v0.1.2
func (e *HeadlessAuthRequiredError) Error() string
func (*HeadlessAuthRequiredError) Unwrap ¶ added in v0.1.2
func (e *HeadlessAuthRequiredError) Unwrap() error
type OAuthMeta ¶
type OAuthMeta struct {
ProviderName string
Scopes []string
ConversationID string
Audience string
Origin string
Timeout time.Duration
}
OAuthMeta carries context about the OAuth interaction that the prompt may show to the user.
type OAuthPrompt ¶
type OAuthPrompt interface {
// PromptOOB presents the authorizationURL to the user (oob mode).
// Do not block for completion; simply present the URL and return
// nil, or return an error if the prompt could not be displayed.
PromptOOB(ctx context.Context, authorizationURL string, meta OAuthMeta) error
}
OAuthPrompt presents an out‑of‑band (OOB) authorization URL to the user. Implementations should return nil when the URL has been presented (e.g. MCP OOB elicitation recorded, or OS browser opened). The transport will still treat the auth as pending and the caller should retry after completion.
type OSBrowserPrompt ¶
type OSBrowserPrompt struct{}
OSBrowserPrompt opens the authorization URL in the system browser.
type SSEOpenFunc ¶
SSEOpenFunc opens an SSE/streaming HTTP request and returns a ReadCloser for the event stream. The function implementation should honor the Authorization header present on the request context (via ContextWithAuthToken) and/or an explicit header set by the caller.
type SubscribeRunner ¶
type SubscribeRunner func(ctx context.Context, token string) (stop func(), errCh <-chan error, err error)
SubscribeRunner starts a streaming subscription and returns a stop function and an error channel. Implementations should close errCh when the stream ends normally; send a non-nil error on auth/transport failures.
Source Files