Transport-neutral OAuth authorization lifecycle manager. More...

#include <lifecycle.hpp>

Public Member Functions
	AuthorizationManager (std::string resource, AuthorizationServerMetadata metadata, OAuthClientConfig client)

void	set_resource (std::string resource)

void	set_authorization_server_metadata (AuthorizationServerMetadata metadata)

void	configure_client (OAuthClientConfig client)

void	set_credential_store (std::shared_ptr< CredentialStore > store)

void	set_state_store (std::shared_ptr< StateStore > store)

void	set_token_endpoint (std::shared_ptr< OAuthTokenEndpoint > endpoint)

void	set_client_registration_endpoint (std::shared_ptr< OAuthClientRegistrationEndpoint > endpoint)

void	set_scope_upgrade_config (ScopeUpgradeConfig config)

void	set_authorization_state_ttl (std::chrono::seconds ttl)

OAuthLifecycleState	lifecycle_state () const

const OAuthClientConfig &	client_config () const

const ScopeList &	current_scopes () const

std::chrono::seconds	authorization_state_ttl () const

std::uint32_t	scope_upgrade_attempts () const

CredentialKey	credential_key () const

core::Result< OAuthClientConfig >	configure_client_id (std::string client_id, std::string redirect_uri={}, ScopeList scopes={})

core::Result< OAuthClientConfig >	configure_client_id_metadata_url (std::string client_id_metadata_url, std::string redirect_uri, ScopeList scopes={})

core::Result< OAuthClientConfig >	register_client (ClientRegistrationOptions options, HeaderMap headers={})

core::Result< OAuthClientConfig >	configure_client_for_authorization (ClientIdConfigurationOptions options)

core::Result< OAuthSession >	start_session (AuthorizationSessionRequest request)

core::Result< AuthorizationUrlResult >	start_authorization (ScopeList scopes, PkceChallenge pkce, std::string state, MetadataMap additional_parameters={})

core::Result< TokenSet >	exchange_authorization_code (std::string authorization_code, const std::string &state)

core::Result< TokenRefreshResult >	refresh_access_token ()

core::Result< std::string >	get_access_token (std::chrono::seconds refresh_skew=std::chrono::seconds(30))

core::Result< OAuthRefreshRetryResult >	refresh_after_unauthorized_response (const HttpResponseMetadata &response)

core::Result< TokenSet >	authenticate_client_credentials (ClientCredentialsConfig config)
	SEP-1046: authenticate using the Client Credentials grant.

bool	can_attempt_scope_upgrade () const

core::Result< AuthorizationUrlResult >	request_scope_upgrade (const WwwAuthenticateChallenge &challenge, PkceChallenge pkce, std::string state, MetadataMap additional_parameters={})

Static Public Member Functions
static ScopeList	compute_scope_union (const ScopeList &current, std::string_view required_scope)

Detailed Description

Transport-neutral OAuth authorization lifecycle manager.

This class intentionally contains no crypto and no HTTP client. Callers provide PKCE values and an OAuthTokenEndpoint implementation.

Member Function Documentation

◆ authenticate_client_credentials()

core::Result< TokenSet > mcp::auth::AuthorizationManager::authenticate_client_credentials ( ClientCredentialsConfig config )

inline

SEP-1046: authenticate using the Client Credentials grant.

Performs metadata validation, token exchange, and credential storage in one call. Skips the interactive authorization-code flow entirely.

The documentation for this class was generated from the following file:

sdk/auth/include/cxxmcp/auth/lifecycle.hpp

Public Member Functions

Static Public Member Functions

Detailed Description

Member Function Documentation

◆ authenticate_client_credentials()