WORKSPACE_EXTERNAL_URL - add an document usage
@@ -39,11 +39,14 @@ class GoogleWorkspaceAuthProvider(AuthProvider):
|
||||
"""Initialize the Google Workspace auth provider."""
|
||||
super().__init__()
|
||||
|
||||
# Get configuration from environment
|
||||
self.client_id = os.getenv("GOOGLE_OAUTH_CLIENT_ID")
|
||||
self.client_secret = os.getenv("GOOGLE_OAUTH_CLIENT_SECRET")
|
||||
self.base_url = os.getenv("WORKSPACE_MCP_BASE_URI", "http://localhost")
|
||||
self.port = int(os.getenv("PORT", os.getenv("WORKSPACE_MCP_PORT", 8000)))
|
||||
# Get configuration from OAuth config
|
||||
from auth.oauth_config import get_oauth_config
|
||||
config = get_oauth_config()
|
||||
|
||||
self.client_id = config.client_id
|
||||
self.client_secret = config.client_secret
|
||||
self.base_url = config.get_oauth_base_url()
|
||||
self.port = config.port
|
||||
|
||||
if not self.client_id:
|
||||
logger.warning("GOOGLE_OAUTH_CLIENT_ID not set - OAuth 2.1 authentication will not work")
|
||||
|
||||
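Review bot: `self.base_url` and `self.port` stop describing the same endpoint once `WORKSPACE_EXTERNAL_URL` is set, and nothing at the assignments says so: `config.get_oauth_base_url()` can return the reverse proxy's public URL while `config.port` is still the local listen port. A comment above the assignments would keep later code from joining the two, for example `# base_url may be the external (reverse-proxy) URL; port is the local listen port - never combine them`. The same applies to the identical block in `GoogleRemoteAuthProvider.__init__`. The function-scope `from auth.oauth_config import get_oauth_config` would also read better at module level, unless it is there to break an import cycle, which is not visible here. `__init__` begins and continues outside this hunk.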
@@ -17,9 +17,8 @@ from googleapiclient.errors import HttpError
|
||||
from auth.scopes import SCOPES
|
||||
from auth.oauth21_session_store import get_oauth21_session_store
|
||||
from auth.credential_store import get_credential_store
|
||||
from auth.oauth_config import get_oauth_config
|
||||
from core.config import (
|
||||
WORKSPACE_MCP_PORT,
|
||||
WORKSPACE_MCP_BASE_URI,
|
||||
get_transport_mode,
|
||||
get_oauth_redirect_uri,
|
||||
)
|
||||
@@ -818,8 +817,9 @@ async def get_authenticated_google_service(
|
||||
from auth.oauth_callback_server import ensure_oauth_callback_available
|
||||
|
||||
redirect_uri = get_oauth_redirect_uri()
|
||||
config = get_oauth_config()
|
||||
success, error_msg = ensure_oauth_callback_available(
|
||||
get_transport_mode(), WORKSPACE_MCP_PORT, WORKSPACE_MCP_BASE_URI
|
||||
get_transport_mode(), config.port, config.base_uri
|
||||
)
|
||||
if not success:
|
||||
error_detail = f" ({error_msg})" if error_msg else ""
|
||||
|
||||
@@ -60,11 +60,14 @@ class GoogleRemoteAuthProvider(RemoteAuthProvider):
|
||||
if not REMOTEAUTHPROVIDER_AVAILABLE:
|
||||
raise ImportError("FastMCP v2.11.1+ required for RemoteAuthProvider")
|
||||
|
||||
# Get configuration from environment
|
||||
self.client_id = os.getenv("GOOGLE_OAUTH_CLIENT_ID")
|
||||
self.client_secret = os.getenv("GOOGLE_OAUTH_CLIENT_SECRET")
|
||||
self.base_url = os.getenv("WORKSPACE_MCP_BASE_URI", "http://localhost")
|
||||
self.port = int(os.getenv("PORT", os.getenv("WORKSPACE_MCP_PORT", 8000)))
|
||||
# Get configuration from OAuth config
|
||||
from auth.oauth_config import get_oauth_config
|
||||
config = get_oauth_config()
|
||||
|
||||
self.client_id = config.client_id
|
||||
self.client_secret = config.client_secret
|
||||
self.base_url = config.get_oauth_base_url()
|
||||
self.port = config.port
|
||||
|
||||
if not self.client_id:
|
||||
logger.error(
|
||||
@@ -86,13 +89,12 @@ class GoogleRemoteAuthProvider(RemoteAuthProvider):
|
||||
# The /mcp/ resource URL is handled in the protected resource metadata endpoint
|
||||
super().__init__(
|
||||
token_verifier=token_verifier,
|
||||
authorization_servers=[AnyHttpUrl(f"{self.base_url}")],
|
||||
resource_server_url=f"{self.base_url}",
|
||||
authorization_servers=[AnyHttpUrl(self.base_url)],
|
||||
resource_server_url=self.base_url,
|
||||
)
|
||||
|
||||
|
||||
logger.debug(
|
||||
f"Initialized GoogleRemoteAuthProvider with base_url={self.base_url}, port={self.port}"
|
||||
f"Initialized GoogleRemoteAuthProvider with base_url={self.base_url}"
|
||||
)
|
||||
|
||||
def get_routes(self) -> List[Route]:
|
||||
|
||||
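Review bot: The value passed as `authorization_servers` and `resource_server_url` changes for deployments that do not set `WORKSPACE_EXTERNAL_URL`. It used to be `WORKSPACE_MCP_BASE_URI` as given; it now comes from `config.get_oauth_base_url()`, which, assuming the `f"{self.base_uri}:{self.port}"` form in `OAuthConfig` is the new side, appends the port. An instance already published behind a proxy under a port-less base URI would then advertise an authorization server and resource URL that clients cannot reach or match, so the upgrade path deserves a line in the docs and a comment here such as `# base_url is WORKSPACE_EXTERNAL_URL if set, else WORKSPACE_MCP_BASE_URI:port`. Since the debug line is now the only record of the effective value, logging it at `info` would make a misconfigured public URL visible at startup. The constructor begins before this hunk.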
@@ -25,7 +25,10 @@ class OAuthConfig:
|
||||
# Base server configuration
|
||||
self.base_uri = os.getenv("WORKSPACE_MCP_BASE_URI", "http://localhost")
|
||||
self.port = int(os.getenv("PORT", os.getenv("WORKSPACE_MCP_PORT", "8000")))
|
||||
self.base_url = f"{self.base_uri}"
|
||||
self.base_url = f"{self.base_uri}:{self.port}"
|
||||
|
||||
# External URL for reverse proxy scenarios
|
||||
self.external_url = os.getenv("WORKSPACE_EXTERNAL_URL")
|
||||
|
||||
# OAuth client configuration
|
||||
self.client_id = os.getenv("GOOGLE_OAUTH_CLIENT_ID")
|
||||
@@ -112,10 +115,15 @@ class OAuthConfig:
|
||||
def get_oauth_base_url(self) -> str:
|
||||
"""
|
||||
Get OAuth base URL for constructing OAuth endpoints.
|
||||
|
||||
Uses WORKSPACE_EXTERNAL_URL if set (for reverse proxy scenarios),
|
||||
otherwise falls back to constructed base_url with port.
|
||||
|
||||
Returns:
|
||||
Base URL for OAuth endpoints
|
||||
"""
|
||||
if self.external_url:
|
||||
return self.external_url
|
||||
return self.base_url
|
||||
|
||||
def validate_redirect_uri(self, uri: str) -> bool:
|
||||
@@ -140,6 +148,8 @@ class OAuthConfig:
|
||||
"""
|
||||
return {
|
||||
"base_url": self.base_url,
|
||||
"external_url": self.external_url,
|
||||
"effective_oauth_url": self.get_oauth_base_url(),
|
||||
"redirect_uri": self.redirect_uri,
|
||||
"client_configured": bool(self.client_id),
|
||||
"oauth21_enabled": self.oauth21_enabled,
|
||||
@@ -232,11 +242,12 @@ class OAuthConfig:
|
||||
Returns:
|
||||
Authorization server metadata dictionary
|
||||
"""
|
||||
oauth_base = self.get_oauth_base_url()
|
||||
metadata = {
|
||||
"issuer": self.base_url,
|
||||
"authorization_endpoint": f"{self.base_url}/oauth2/authorize",
|
||||
"token_endpoint": f"{self.base_url}/oauth2/token",
|
||||
"registration_endpoint": f"{self.base_url}/oauth2/register",
|
||||
"issuer": oauth_base,
|
||||
"authorization_endpoint": f"{oauth_base}/oauth2/authorize",
|
||||
"token_endpoint": f"{oauth_base}/oauth2/token",
|
||||
"registration_endpoint": f"{oauth_base}/oauth2/register",
|
||||
"jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
|
||||
"response_types_supported": ["code", "token"],
|
||||
"grant_types_supported": ["authorization_code", "refresh_token"],
|
||||
|
||||
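Review bot: `WORKSPACE_EXTERNAL_URL` is read in `__init__` and returned verbatim by `get_oauth_base_url()`, so it becomes the `issuer` and the prefix of every advertised endpoint without any validation. A trailing slash produces `https://host//oauth2/authorize` and an issuer string that clients comparing it exactly will reject, while a value with no scheme or with plain `http://` is accepted silently for a public-facing URL. Normalising once at load time would cover this, e.g. `self.external_url = (os.getenv("WORKSPACE_EXTERNAL_URL") or "").rstrip("/") or None`, plus a warning when the scheme is not `https`. Separately, the construction of `redirect_uri` and the body of `validate_redirect_uri` are outside these hunks. If they still derive from `base_url`, the callback and the advertised endpoints would sit on different origins behind a proxy, which is worth confirming before relying on this setting.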