Question about oAuth2 token validation

[goranged-intc]

Hello.

We use Active Directory internally, specifically Azure EntraID, we also use kubernetes and I'm wondering if there is a way to apply token validation for the MCPs in the proxy using the Kubernetes operator approach? I have been reviewing the docs but I can't figure it out.

Thanks, Guillermo.

[Derek2Tu]

Hey @goranged-intc! I lead product at Stacklok, and we’re currently building a feature to integrate with upstream IdPs such as Microsoft Active Directory. I’d love to hear more about your requirements and explore how we can best support them. Here's my calendar link to book a call: https://calendly.com/derek-stacklok/30min Look forward to connecting!

[jhrozek]

Hey @goranged-intc sorry for the late reply. In general you'll need several things for the integration to work:

• the OIDC issuer. This should be https://login.microsoftonline.com/{TENANT_ID}/v2.0
• the client ID. This is what you got when you created an app in Entra
• the JWKs URL. This should be https://login.microsoftonline.com/{TENANT_ID}/discovery/v2.0/keys

You should be then able to put them into the MCPServer CRD either directly or using a ConfigMap.

btw I haven't tried the whole setup, it would be nice to know what the requirements for the setup are (authenticate the users and authorize that they can use the MCP server?). I did get an EntraID account for testing, so I'll be happy to move you along. So far I only tested that I can get a JWT using thv proxy locally to verify that the parameters like keys and OIDC issuer are correct.