cxxmcp/api/openssl_2server__auth__provider_8hpp_source.html

// Copyright (c) 2025 [caomengxuan666]


#pragma once


#include <utility>


#include "cxxmcp/auth/openssl/dpop.hpp"

#include "cxxmcp/auth/openssl/jwt.hpp"

#include "cxxmcp/auth/server_auth_provider.hpp"

#include "cxxmcp/core/result.hpp"

#include "cxxmcp/server/auth.hpp"


namespace mcp::auth::openssl {


class StaticJwksDpopBearerAuthProvider final : public server::AuthProvider {

 public:

  StaticJwksDpopBearerAuthProvider(JsonWebKeySet jwks,

                                   DpopReplayCache* replay_cache = nullptr,

                                   DpopAuthProviderOptions auth_options = {},

                                   OpenSslDpopVerifierOptions dpop_options = {})

      : jwt_verifier_(std::move(jwks)),

        dpop_verifier_(std::move(dpop_options)),

        provider_(jwt_verifier_, dpop_verifier_, dpop_access_token_hash,

                  replay_cache, std::move(auth_options)) {}


  core::Result<server::AuthIdentity> authenticate(

      const server::AuthRequest& request) override {

    return provider_.authenticate(request);

  }


 private:

  StaticJwksJwtVerifier jwt_verifier_;

  OpenSslDpopVerifier dpop_verifier_;

  DpopBearerAuthProvider provider_;

};


class FetchingJwksDpopBearerAuthProvider final : public server::AuthProvider {

 public:

  FetchingJwksDpopBearerAuthProvider(

      JwksEndpoint& endpoint, JwksCache* cache,

      FetchingJwksJwtVerifierOptions jwks_options,

      DpopReplayCache* replay_cache = nullptr,

      DpopAuthProviderOptions auth_options = {},

      OpenSslDpopVerifierOptions dpop_options = {})

      : jwt_verifier_(endpoint, cache, std::move(jwks_options)),

        dpop_verifier_(std::move(dpop_options)),

        provider_(jwt_verifier_, dpop_verifier_, dpop_access_token_hash,

                  replay_cache, std::move(auth_options)) {}


  core::Result<server::AuthIdentity> authenticate(

      const server::AuthRequest& request) override {

    return provider_.authenticate(request);

  }


 private:

  FetchingJwksJwtVerifier jwt_verifier_;

  OpenSslDpopVerifier dpop_verifier_;

  DpopBearerAuthProvider provider_;

};


}  // namespace mcp::auth::openssl

mcp::auth::DpopBearerAuthProvider
Server AuthProvider backed by injected JWT and DPoP verifiers.
Definition server_auth_provider.hpp:93

mcp::auth::DpopBearerAuthProvider::authenticate
core::Result< server::AuthIdentity > authenticate(const server::AuthRequest &request) override
Authenticate a transport request.
Definition server_auth_provider.hpp:108

mcp::auth::DpopReplayCache
Replay cache boundary used by DPoP proof validators.
Definition dpop.hpp:138

mcp::auth::JwksCache
Application-provided JWKS cache boundary.
Definition jwks.hpp:69

mcp::auth::JwksEndpoint
Application-provided JWKS retrieval boundary.
Definition jwks.hpp:60

mcp::auth::openssl::FetchingJwksDpopBearerAuthProvider
Owns fetching-JWKS JWT verification plus OpenSSL DPoP proof verification for server deployments.
Definition server_auth_provider.hpp:44

mcp::auth::openssl::FetchingJwksDpopBearerAuthProvider::authenticate
core::Result< server::AuthIdentity > authenticate(const server::AuthRequest &request) override
Authenticate a transport request.
Definition server_auth_provider.hpp:57

mcp::auth::openssl::FetchingJwksJwtVerifier
JWT verifier that fetches and caches JWKS through injected SDK boundaries.
Definition jwt.hpp:304

mcp::auth::openssl::OpenSslDpopVerifier
Definition dpop.hpp:367

mcp::auth::openssl::StaticJwksDpopBearerAuthProvider
Owns static-JWKS JWT verification plus OpenSSL DPoP proof verification for server deployments.
Definition server_auth_provider.hpp:20

mcp::auth::openssl::StaticJwksDpopBearerAuthProvider::authenticate
core::Result< server::AuthIdentity > authenticate(const server::AuthRequest &request) override
Authenticate a transport request.
Definition server_auth_provider.hpp:31

mcp::auth::openssl::StaticJwksJwtVerifier
Definition jwt.hpp:277

mcp::server::AuthProvider
Abstract authentication provider used by server integrations.
Definition auth.hpp:117

jwt.hpp
OpenSSL-backed JWT verification over a trusted JWKS value.

dpop.hpp
OpenSSL-backed DPoP proof signing and verification helpers.

result.hpp
Shared result and error primitives used by the public cxxmcp SDK.

mcp::core::Result
tl::expected< T, Error > Result
Alias for the SDK result type.
Definition result.hpp:64

auth.hpp
Authentication extension points for server transports.

server_auth_provider.hpp
Optional bridge from auth verifiers to server AuthProvider.

mcp::auth::openssl::dpop_access_token_hash
core::Result< std::string > dpop_access_token_hash(std::string_view access_token)
Compute the RFC 9449 DPoP ath value for an access token.
Definition sha256.hpp:29

mcp::auth::DpopAuthProviderOptions
Options for DPoP-aware server authentication over verified tokens.
Definition server_auth_provider.hpp:79

mcp::auth::JsonWebKeySet
JSON Web Key Set value model.
Definition jwks.hpp:40

mcp::auth::openssl::FetchingJwksJwtVerifierOptions
Definition jwt.hpp:290

mcp::auth::openssl::OpenSslDpopVerifierOptions
Definition dpop.hpp:362

mcp::server::AuthRequest
Transport-neutral authentication input.
Definition auth.hpp:91