Intercept http calls of remote MCP Transportation to manage OAuth

[ardaguclu]

In order to be oauth compatible, MCP Server needs to intercept all http calls and;

• returns 401 with correct header if header does not contain any bearer token
• serves its own endpoint /.well-known/oauth-protected-resource that MCP clients can discover oauth authorization server.

I'm not sure https://github.com/mark3labs/mcp-go provides a way for these 2 requirements. If it does, that is good. If not, we'll need to find a way.

[ardaguclu]

@manusa I think, we need your expertise in here to see what options we have.

[manusa]

We're already intercepting all HTTP calls to capture the custom kubernetes-authorization header here:

https://github.com/manusa/kubernetes-mcp-server/blob/754da19d81438c435ca5434573b65e4c0fb1e1e8/pkg/mcp/mcp.go#L123-L125

The function is consumed by the SSE and streamable HTTP server instances:

https://github.com/manusa/kubernetes-mcp-server/blob/754da19d81438c435ca5434573b65e4c0fb1e1e8/pkg/mcp/mcp.go#L80-L81

https://github.com/manusa/kubernetes-mcp-server/blob/754da19d81438c435ca5434573b65e4c0fb1e1e8/pkg/mcp/mcp.go#L89-L91

However, for the standard OAuth flows, there should probably be something built-in from the library

There's a discussion here:

mark3labs/mcp-go#394

And a couple of issues:

• Task: OAuth Resource Server Classification mark3labs/mcp-go#411
• Task: Require Resource Indicators (RFC 8707) mark3labs/mcp-go#412

But not much more unfortunately.

The fact that the spec is rapidly evolving (last published version from yesterday -2025-06-18-) doesn't help with the progress either.

To facilitate the implementation, we should probably start from a concrete scenario (given MCP client, llm, OAuth server, etc.) and see how to wire in everything that's needed.

As far as I see it, the MCP server part should really be minimal since it only acts an intermediary between the OAuth server and the MCP client.

[ardaguclu]

This PR #153 provides the foundations for this requirement.

[ardaguclu]

The desciption also says that "serves its own endpoint /.well-known/oauth-protected-resource that MCP clients can discover oauth authorization server.". Maybe it is better to handle this in a separate issue.