Skip to content

feat: Enhance authorization token validation with authRequired #222

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: anubhav-authz-required
Choose a base branch
from
Open

feat: Enhance authorization token validation with authRequired #222

wants to merge 2 commits into from

Conversation

anubhav756
Copy link
Contributor

@anubhav756 anubhav756 commented May 6, 2025
edited
Loading

This PR helps determine the necessary authrz tokens for tool invocation. This is achieved by getting authRequired from the tool's schema during parsing and then leveraging new capabilities of the identify_required_authn_params helper.

Improvements

  • During tool parsing, the complete and correct required authorization token requirements are now accurately sourced and passed from the tool's schema.
  • Building on the schema-derived requirements, the identify_required_authn_params helper's new capability to recognize required authorization tokens is now fully utilized.
  • A new ToolboxTool member variable, __required_authz_tokens, is introduced to store these remaining alternative authorization tokens derived from the schema.
  • The tool invocation logic now uses __required_authz_tokens to accurately check if at least one of the required tokens (as defined by the authRequired) has been provided.
  • __required_authz_tokens is updated when auth token getters are added through add_auth_token_getters.

Note

The validation of whether all the given auth token getters are utilized are added in #220.

@anubhav756
fix: Correctly determine remaining required authz tokens
adc8bc2 
This PR fixes an issue where the system could inaccurately identify the authorization tokens still needed for tool invocation.

The `identify_required_authn_params` helper has been updated to leverage its new capability of recognizing all alternatives of required authorization tokens.

A new `ToolboxTool` member variable, `__required_authz_tokens`, now stores these alternatives. The tool invocation logic correctly uses this to check if any matching token has been provided.

This new member variable is also updated correctly by the remaining authz tokens while adding auth token getters, and validated right before tool invocation.
@anubhav756 anubhav756 self-assigned this May 6, 2025
@anubhav756 anubhav756 requested a review from a team as a code owner May 6, 2025 10:46
@anubhav756 anubhav756 changed the title fix: Correctly determine remaining required authz tokens feat: Enhance authorization token validation with authRequired May 6, 2025
@anubhav756 anubhav756 marked this pull request as draft May 6, 2025 11:25
@anubhav756 anubhav756 marked this pull request as ready for review May 6, 2025 11:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kurtisvg kurtisvg Awaiting requested review from kurtisvg

@twishabansal twishabansal Awaiting requested review from twishabansal

Assignees

@anubhav756 anubhav756

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@anubhav756