Authentication but no security #6

@lnxd

Hi @akshay5995,

Great project. Just a couple of things, and feel free to correct me if I'm wrong. I only encountered the following because I considered using it myself:

  1. Currently, by default, this gateway generates the headers in a best-practice way and passes them correctly. But unless you have configured limits in your OAuth provider as to which users can authenticate (does OAuth even support this? GitHub Apps don't seem to), anyone that has an account with the configured provider can authenticate and receive a token.

But the docs aren't clear that this is a limitation, so if any users configure this following the installation guide (or the suggested docker-compose), they are effectively configuring open access to their MCP server. I didn't see anything about configuring the webserver/upstream mcp server to require specific headers, etc.

  2. There is most likely a CVE, although I haven't tested to verify this as I didn't finish setting it up: the gateway doesn't strip x-user-* headers (see https://github.com/akshay5995/mcp-oauth-gateway/blob/main/src/proxy/mcp_proxy.py), so even if a user configures this, anyone with a valid token can spoof e.g. x-user-email and bypass restrictions at the webserver level.

I've created this as a single issue as there are possibly other concerns as well: I think the best fix to this would be to, in the short term at least, update the primary README to have a very obvious disclaimer near the top stating that this is a proof of concept rather than a ready-to-use project.

Apologies for the badly written issue, I'm just concerned that people might start using this and misunderstand how it works. If you have any questions feel free to reach out.
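
A sketch of the two mitigations the issue points toward, added here as an example and not taken from the project's `mcp_proxy.py`: an allowlist check on the authenticated identity, and removal of client-supplied `x-user-*` headers before the gateway sets its own. The function name, the claim names and the sample values are assumptions.

```python
from typing import Iterable, Mapping

IDENTITY_PREFIX = "x-user-"         # prefix named in the issue
FORWARDED_CLAIMS = ("id", "email")  # assumed claim names, illustration only

# Constructed sample: an authenticated caller whose request carries its own
# identity headers alongside a valid token.
SAMPLE_INBOUND = {"Accept": "application/json",
                  "X-User-Email": "admin@example.com", "x_user_id": "1"}
SAMPLE_CLAIMS = {"id": "42", "email": "mallory@example.com"}


class NotAllowed(Exception):
    """Authenticated at the provider, but not on the gateway's allowlist."""


def build_upstream_headers(
    inbound: Mapping[str, str],
    claims: Mapping[str, str],
    allowed_emails: Iterable[str],
) -> dict:
    """Return the headers to forward upstream for one authenticated request.

    inbound -- headers as received from the client (untrusted)
    claims  -- identity the gateway resolved from its own validated token
    """
    # Point 1: a provider account alone is not authorization.
    email = str(claims.get("email", "")).strip().lower()
    if not email or email not in {e.strip().lower() for e in allowed_emails}:
        raise NotAllowed(email or "<no email claim>")

    # Point 2: drop every client-supplied identity header, whatever its
    # casing. Underscores are normalised as well, because WSGI/CGI-style
    # servers map X_User_Email and X-User-Email to the same variable.
    upstream = {
        name: value
        for name, value in inbound.items()
        if not name.lower().replace("_", "-").startswith(IDENTITY_PREFIX)
    }

    # Identity headers are re-created only from the validated claims.
    for key in FORWARDED_CLAIMS:
        if key in claims:
            upstream[IDENTITY_PREFIX + key] = str(claims[key])
    return upstream
```

The upstream server still has to reject traffic that does not arrive through the gateway, otherwise the headers can be set by connecting to it directly.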
