v0.14.0: OAuth 2.1 Implementation with Resource Subscriptions

@avrabe avrabe released this 04 Dec 18:32
· 23 commits to main since this release

What's New in v0.14.0

This release introduces comprehensive OAuth 2.1 authentication support for MCP servers along with resource subscription capabilities.

OAuth 2.1 Implementation

Complete OAuth 2.1 authorization server implementation with:

  • Dynamic Client Registration (RFC 7591) - Automatic client credential provisioning
  • Authorization Code Flow with PKCE (RFC 7636) - Mandatory S256 code challenge for enhanced security
  • Token Management - Access token and refresh token lifecycle with rotation
  • Resource Indicators (RFC 8707) - Multi-resource OAuth support
  • Authorization Server Metadata (RFC 8414) - Discovery via .well-known/oauth-authorization-server
  • Protected Resource Metadata (RFC 9728) - Resource server discovery

Key features:

  • In-memory storage backend (production-ready persistent storage coming soon)
  • Axum-based HTTP endpoints for OAuth flows
  • Full PKCE validation (no plain method support)
  • Refresh token rotation for improved security
  • Comprehensive test coverage with 26 integration tests
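
Refresh token rotation with an in-memory backend, as listed above, sketched as an added example; this is not code from pulseengine_mcp_auth. `RotatingStore`, `RefreshError` and the counter-based tokens are assumptions made for illustration. It goes one step beyond the release notes by also revoking the client's live tokens when a retired token is presented again.

```rust
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
pub enum RefreshError { Unknown, Reused }

/// Hypothetical in-memory refresh-token store (not the pulseengine_mcp_auth API).
#[derive(Default)]
pub struct RotatingStore {
    active: HashMap<String, String>, // live refresh token -> client_id
    spent: HashMap<String, String>,  // rotated-out token -> client_id
    counter: u64,
}

impl RotatingStore {
    // Constructed placeholder tokens: a real server draws them from a CSPRNG.
    fn mint(&mut self, client_id: &str) -> String {
        self.counter += 1;
        let token = format!("rt-{}-{}", client_id, self.counter);
        self.active.insert(token.clone(), client_id.to_string());
        token
    }

    pub fn issue(&mut self, client_id: &str) -> String { self.mint(client_id) }

    /// Exchange a refresh token: the presented one is retired, a new one is returned.
    pub fn refresh(&mut self, presented: &str) -> Result<String, RefreshError> {
        if let Some(client) = self.active.remove(presented) {
            self.spent.insert(presented.to_string(), client.clone());
            return Ok(self.mint(&client));
        }
        if let Some(client) = self.spent.get(presented).cloned() {
            // A retired token came back: treat it as replay and revoke that client's live tokens.
            self.active.retain(|_, c| *c != client);
            return Err(RefreshError::Reused);
        }
        Err(RefreshError::Unknown)
    }

    pub fn is_active(&self, token: &str) -> bool { self.active.contains_key(token) }
}

fn main() {
    let mut store = RotatingStore::default();
    let first = store.issue("client-a");
    let second = store.refresh(&first).unwrap();
    println!("rotated {} -> {}", first, second);
    println!("replay of first: {:?}", store.refresh(&first));
    println!("second still active: {}", store.is_active(&second));
}
```

Revoking per client is a simplification; tracking a token family per grant would limit the revocation to the affected session.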

Resource Subscriptions

Phase 1 & 2 implementation:

  • Subscribe/unsubscribe to resource updates
  • Notification delivery for subscribed resources
  • Full integration with existing resource framework

Test Coverage Improvements

  • 26 new OAuth integration tests (basic, endpoints, full flows)
  • PKCE validation test coverage
  • Storage lifecycle tests
  • Authorization and token endpoint integration tests
  • Improved overall patch coverage

Bug Fixes

  • Fixed _meta field in Tool struct doctest example
  • Fixed OAuth doctests compilation errors
  • Added inotify dependency for Linux filesystem monitoring
  • Fixed Docker validation build to include conformance-tests

Breaking Changes

None - all changes are additive.

Migration Guide

To use OAuth 2.1 authentication in your MCP server:

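```rust
use pulseengine_mcp_auth::oauth::{OAuthState, oauth_router};

// In-memory OAuth state: registered clients and issued tokens are lost on restart.
let oauth_state = OAuthState::new_in_memory();
// Axum router exposing the OAuth endpoints, bound to that state.
let router = oauth_router().with_state(oauth_state);
```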

See the documentation for complete integration examples.

Full Changelog: v0.13.0...v0.14.0

Validation Results

✅ All validation tests passed
✅ Python SDK compatibility verified
✅ JSON-RPC 2.0 compliant
✅ MCP protocol compliant