
[Feature Request]: Role-Based Access Control (RBAC) - support generic OAuth provider or LDAP provider #1093

@xincheng-96

🧭 Type of Feature

Please select the most appropriate category:

  • Enhancement to existing functionality
  • New feature or capability
  • New MCP-compliant server
  • New component or integration
  • Developer tooling or test improvement
  • Packaging, automation and deployment (ex: pypi, docker, quay.io, kubernetes, terraform)
  • Other (please describe below)

🧭 Epic

Title: Gateway auth supporting generic OAuth provider
Goal: Allow API Gateway users to authenticate via any standards-compliant OAuth 2.0 provider, enabling seamless integration with various identity providers.
Why now: Some organizations require federated login with local, regional, or in-house identity providers. Generic support removes adoption blockers, avoids costly custom integrations, and makes the gateway attractive to a wider range of customers and industries.


🙋♂️ User Story 1

As a: Platform administrator
I want: to configure the gateway with a generic OAuth2 or OIDC provider
So that: my users can log in with any supported identity system, not just major providers.

✅ Acceptance Criteria

Scenario: Admin configures a custom OAuth2 provider
  Given the gateway supports generic OAuth2 configuration
  When I enter endpoints, client ID, secret, and scopes for my provider
  Then users can log in and authenticate with that provider

Scenario: User logs in with a custom OAuth2 provider
  Given the gateway is set to use a non-listed provider
  When a user initiates login
  Then authentication proceeds via that provider and access is granted if successful

📐 Design Sketch (optional)

Include a diagram, sketch, or flow (use Mermaid if desired):

flowchart TD
    A[Client] -->|POST /completions| B(MCPGateway)
    B --> C[Completion Service]

🔗 MCP Standards Check

  • Change adheres to current MCP specifications
  • No breaking changes to existing MCP-compliant integrations
  • If deviations exist, please describe them below:

🔄 Alternatives Considered

If not approved, allow fully disabling the gateway auth flow so we can use an auth proxy.
Linked to issue #705: I attempted all 3 solutions on v0.7.0 mcp-gateway. All failed with the same issue: the UI keeps redirecting to the login page, then redirects back to the admin page -> detects no token provided, redirects to the login page... a dead loop until the ingress controller kills it.

📓 Additional Context

Include related issues, links to discussions, issues, etc.
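
An added example, not part of the issue or the project's code: one way a gateway could check the admin-entered provider settings from the acceptance criteria before enabling login. The config key names, `validate_provider`, `endpoint_problem` and the `idp.example` values are assumptions made for illustration; the metadata field names follow OIDC Discovery and RFC 8414.

```python
from urllib.parse import urlsplit

REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint",
            "client_id", "client_secret", "scopes")  # hypothetical key names

def endpoint_problem(name, url):
    """Return why `url` is unsafe as a provider URL, or None if it is fine."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return f"{name}: must be an absolute https URL"
    if parts.fragment or parts.username or parts.password:
        return f"{name}: must not carry a fragment or embedded credentials"
    return None

def validate_provider(cfg, discovery=None):
    """Check admin-entered settings; return a list of problems (empty = OK)."""
    problems = [f"{k}: missing" for k in REQUIRED if not cfg.get(k)]
    for key in ("issuer", "authorization_endpoint", "token_endpoint"):
        if cfg.get(key) and endpoint_problem(key, cfg[key]):
            problems.append(endpoint_problem(key, cfg[key]))
    if discovery is None:  # plain OAuth2 provider, no metadata document
        return problems
    # The metadata document must name exactly the issuer the admin configured.
    if discovery.get("issuer") != cfg.get("issuer"):
        problems.append("issuer: does not match discovery document")
    for key in ("authorization_endpoint", "token_endpoint"):
        if cfg.get(key) and discovery.get(key) != cfg[key]:
            problems.append(f"{key}: differs from discovery document")
    scopes = cfg.get("scopes") or []
    if "openid" not in scopes:
        problems.append("scopes: 'openid' is required for OIDC login")
    advertised = discovery.get("scopes_supported")
    if advertised is not None:
        problems += [f"scopes: '{s}' not advertised by provider"
                     for s in scopes if s not in advertised]
    if "S256" not in discovery.get("code_challenge_methods_supported", []):
        problems.append("pkce: provider does not advertise S256")
    return problems

# Constructed sample values; idp.example is a placeholder provider.
ENDPOINTS = {"issuer": "https://idp.example",
             "authorization_endpoint": "https://idp.example/authorize",
             "token_endpoint": "https://idp.example/token"}
DISCOVERY = dict(ENDPOINTS, scopes_supported=["openid", "profile", "email"],
                 code_challenge_methods_supported=["S256"])
GOOD = dict(ENDPOINTS, client_id="gateway", client_secret="constructed-secret",
            scopes=["openid", "profile"])
BAD = dict(GOOD, token_endpoint="http://idp.example/token#x",
           scopes=["profile", "admin"])
```

Since `scopes_supported` is optional in provider metadata, a scope flagged as not advertised is a prompt for the admin to confirm, not proof the provider rejects it.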

Labels: enhancement (New feature or request), triage (Issues / Features awaiting triage)
