api for mcp authorization

zhaohuabing · zhaohuabing · commit 269a9275360b · 2025-11-28T17:29:43.000+08:00
Signed-off-by: Huabing Zhao &lt;zhaohuabing@gmail.com&gt;
diff --git a/api/v1alpha1/mcp_route.go b/api/v1alpha1/mcp_route.go
@@ -192,6 +192,11 @@ type MCPRouteSecurityPolicy struct {
 	//
 	// +optional
 	ExtAuth *egv1a1.ExtAuth `json:"extAuth,omitempty"`
+
+	// Authorization defines the configuration for the MCP spec compatible authorization.
+	//
+	// +optional
+	Authorization *MCPRouteAuthorization `json:"authorization,omitempty"`
 }
 
 // MCPRouteOAuth defines a MCP spec compatible OAuth authentication configuration for a MCPRoute.
@@ -227,6 +232,43 @@ type MCPRouteOAuth struct {
 	ProtectedResourceMetadata ProtectedResourceMetadata `json:"protectedResourceMetadata"`
 }
 
+// MCPRouteAuthorization defines the authorization configuration for a MCPRoute.
+type MCPRouteAuthorization struct {
+	// Rules defines a list of authorization rules.
+	// These rules are evaluated in order, the first matching rule will be applied,
+	// and the rest will be skipped.
+	//
+	// +optional
+	Rules []MCPRouteAuthorizationRule `json:"rules,omitempty"`
+
+	// DefaultAction defines the default action to be taken if no rules match.
+	// If not specified, the default action is Deny.
+	// +optional
+	DefaultAction *egv1a1.AuthorizationAction `json:"defaultAction"`
+}
+
+// MCPRouteAuthorizationRule defines an authorization rule for MCPRoute based on the MCP authorization spec.
+// Reference: https://modelcontextprotocol.io/specification/draft/basic/authorization#scope-challenge-handling
+type MCPRouteAuthorizationRule struct {
+	// Tools defines the list of tool names this rule applies to. The name must be a fully qualified tool name including the backend name.
+	// For example, "mcp-backend-name__tool-name".
+	//
+	// If a request calls a tool in this list, this rule is considered a match.
+	// If this request has a valid JWT token that contains all the required scopes defined in this rule,
+	// the request will be allowed. If not, the request will be denied.
+	//
+	// +kubebuilder:validation:MinItems=1
+	// +kubebuilder:validation:MaxItems=16
+	Tools []string `json:"tools"`
+
+	// Scopes defines the list of JWT scopes required for the rule.
+	// If multiple scopes are specified, all scopes must be present in the JWT for the rule to match.
+	//
+	// +kubebuilder:validation:MinItems=1
+	// +kubebuilder:validation:MaxItems=16
+	Scopes []egv1a1.JWTScope `json:"scopes"`
+}
+
 // JWKS defines how to obtain JSON Web Key Sets (JWKS) either from a remote HTTP/HTTPS endpoint or from a local source.
 // +kubebuilder:validation:XValidation:rule="has(self.remoteJWKS) || has(self.localJWKS)", message="either remoteJWKS or localJWKS must be specified."
 // +kubebuilder:validation:XValidation:rule="!(has(self.remoteJWKS) && has(self.localJWKS))", message="remoteJWKS and localJWKS cannot both be specified."
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/manifests/charts/ai-gateway-crds-helm/templates/aigateway.envoyproxy.io_mcproutes.yaml b/manifests/charts/ai-gateway-crds-helm/templates/aigateway.envoyproxy.io_mcproutes.yaml
@@ -581,6 +581,58 @@ spec:
                     - credentialRefs
                     - extractFrom
                     type: object
+                  authorization:
+                    description: Authorization defines the configuration for the MCP
+                      spec compatible authorization.
+                    properties:
+                      defaultAction:
+                        description: |-
+                          DefaultAction defines the default action to be taken if no rules match.
+                          If not specified, the default action is Deny.
+                        enum:
+                        - Allow
+                        - Deny
+                        type: string
+                      rules:
+                        description: |-
+                          Rules defines a list of authorization rules.
+                          These rules are evaluated in order, the first matching rule will be applied,
+                          and the rest will be skipped.
+                        items:
+                          description: |-
+                            MCPRouteAuthorizationRule defines an authorization rule for MCPRoute based on the MCP authorization spec.
+                            Reference: https://modelcontextprotocol.io/specification/draft/basic/authorization#scope-challenge-handling
+                          properties:
+                            scopes:
+                              description: |-
+                                Scopes defines the list of JWT scopes required for the rule.
+                                If multiple scopes are specified, all scopes must be present in the JWT for the rule to match.
+                              items:
+                                maxLength: 253
+                                minLength: 1
+                                type: string
+                              maxItems: 16
+                              minItems: 1
+                              type: array
+                            tools:
+                              description: |-
+                                Tools defines the list of tool names this rule applies to. The name must be a fully qualified tool name including the backend name.
+                                For example, "mcp-backend-name__tool-name".
+
+                                If a request calls a tool in this list, this rule is considered a match.
+                                If this request has a valid JWT token that contains all the required scopes defined in this rule,
+                                the request will be allowed. If not, the request will be denied.
+                              items:
+                                type: string
+                              maxItems: 16
+                              minItems: 1
+                              type: array
+                          required:
+                          - scopes
+                          - tools
+                          type: object
+                        type: array
+                    type: object
                   extAuth:
                     description: ExtAuth defines the configuration for External Authorization.
                     properties:
diff --git a/site/docs/api/api.mdx b/site/docs/api/api.mdx
@@ -408,6 +408,8 @@ MCPRouteList contains a list of MCPRoute.
 - [LLMRequestCostType](#llmrequestcosttype)
 - [MCPBackendAPIKey](#mcpbackendapikey)
 - [MCPBackendSecurityPolicy](#mcpbackendsecuritypolicy)
+- [MCPRouteAuthorization](#mcprouteauthorization)
+- [MCPRouteAuthorizationRule](#mcprouteauthorizationrule)
 - [MCPRouteBackendRef](#mcproutebackendref)
 - [MCPRouteOAuth](#mcprouteoauth)
 - [MCPRouteSecurityPolicy](#mcproutesecuritypolicy)
@@ -1565,6 +1567,59 @@ MCPBackendSecurityPolicy defines the security policy for a sp
 />
 
 
+#### MCPRouteAuthorization
+
+
+
+**Appears in:**
+- [MCPRouteSecurityPolicy](#mcproutesecuritypolicy)
+
+MCPRouteAuthorization defines the authorization configuration for a MCPRoute.
+
+##### Fields
+
+
+
+<ApiField
+  name="rules"
+  type="[MCPRouteAuthorizationRule](#mcprouteauthorizationrule) array"
+  required="false"
+  description="Rules defines a list of authorization rules.<br />These rules are evaluated in order, the first matching rule will be applied,<br />and the rest will be skipped."
+/><ApiField
+  name="defaultAction"
+  type="[AuthorizationAction](#authorizationaction)"
+  required="false"
+  description="DefaultAction defines the default action to be taken if no rules match.<br />If not specified, the default action is Deny."
+/>
+
+
+#### MCPRouteAuthorizationRule
+
+
+
+**Appears in:**
+- [MCPRouteAuthorization](#mcprouteauthorization)
+
+MCPRouteAuthorizationRule defines an authorization rule for MCPRoute based on the MCP authorization spec.
+Reference: https://modelcontextprotocol.io/specification/draft/basic/authorization#scope-challenge-handling
+
+##### Fields
+
+
+
+<ApiField
+  name="tools"
+  type="string array"
+  required="true"
+  description="Tools defines the list of tool names this rule applies to. The name must be a fully qualified tool name including the backend name.<br />For example, `mcp-backend-name__tool-name`.<br />If a request calls a tool in this list, this rule is considered a match.<br />If this request has a valid JWT token that contains all the required scopes defined in this rule,<br />the request will be allowed. If not, the request will be denied."
+/><ApiField
+  name="scopes"
+  type="JWTScope array"
+  required="true"
+  description="Scopes defines the list of JWT scopes required for the rule.<br />If multiple scopes are specified, all scopes must be present in the JWT for the rule to match."
+/>
+
+
 #### MCPRouteBackendRef
 
 
@@ -1688,6 +1743,11 @@ MCPRouteSecurityPolicy defines the security policy for a MCPRoute.
   type="[ExtAuth](#extauth)"
   required="false"
   description="ExtAuth defines the configuration for External Authorization."
+/><ApiField
+  name="authorization"
+  type="[MCPRouteAuthorization](#mcprouteauthorization)"
+  required="false"
+  description="Authorization defines the configuration for the MCP spec compatible authorization."
 />
 
 
