MCP Provider
The MCP Provider enables Maverics to act as a Model Context Protocol (MCP) server, exposing identity and authorization capabilities to AI language models and agents.
Configuration Options
MCP supports two transport protocols: Server-Sent Events (SSE) and HTTP Streaming.
Enabled
enabled indicates whether the MCP provider is active.
Transports
transports contains the configuration for MCP communication transports. It supports both Server-Sent Events (SSE) and HTTP Stream transports.
SSE
sse contains the Server-Sent Events transport configuration.
Enabled
enabled indicates whether SSE transport is active.
Base URL
baseURL is the base URL for SSE connections.
BasePath
basePath is the base path for SSE endpoints.
Path
path is the SSE endpoint path.
Message Path
messagePath is the path for SSE message handling.
Keep Alive
keepAlive contains the keep-alive configuration for SSE connections.
Enabled
enabled indicates whether keep-alive messages are active.
Interval
interval is the duration between keep-alive messages.
Stream
stream contains the HTTP Stream transport configuration.
Enabled
enabled indicates whether HTTP Stream transport is active.
Endpoint Path
endpointPath is the endpoint path for HTTP streaming.
Path
path is the HTTP Stream endpoint path.
Session
session contains the session management configuration for stream transport.
Enabled
enabled indicates whether session management is active.
Header Name
headerName is the HTTP header name used for session identification.
Allow Client Termination
allowClientTermination indicates whether clients can terminate sessions.
Timeout
timeout is the session timeout duration.
Authorization
authorization contains the authorization configuration for MCP server protection. It protects MCP endpoints using OAuth 2.0 Bearer tokens.
OAuth
oauth defines the OAuth 2.0 configuration for MCP server protection.
Enabled
enabled indicates whether OAuth 2.0 authorization is active.
Metadata Path
metadataPath is the endpoint path where the protected resource metadata is served.
Servers
servers defines the authorization servers and their configurations.
Well-Known Endpoint
wellKnownEndpoint is the OAuth 2.0/OIDC discovery endpoint.
Refresh Interval
refreshInterval specifies how often to refresh the discovery document.
Token Validation
tokenValidation defines how to validate tokens from this server.
Method
method specifies how tokens should be validated. As of now, only jwt validation is supported.
Expected Audiences
expectedAudiences defines the list of acceptable audiences for access tokens.
Example Configuration
mcpProvider:
  enabled: true
  transports:
    sse:
      enabled: true
      path: /mcp/sse
      messagePath: /mcp/message
      keepAlive:
        enabled: true
        interval: 30s
    stream:
      enabled: true
      path: /stream
      session:
        enabled: true
        headerName: MCP-Session-ID
        allowClientTermination: true
        timeout: 1h
  authorization:
    oauth:
      enabled: true
      metadataPath: /.well-known/oauth-protected-resource
      servers:
        - wellKnownEndpoint: https://auth.example.com/.well-known/openid_configuration
          refreshInterval: 24h
          tokenValidation:
            method: jwt
            expectedAudiences:
              - https://mcp.example.com
            jwt:
              clockSkew: 30s
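
The following is an added illustration, not Maverics code, of what the expectedAudiences and clockSkew values in the example configuration mean for a JWT access token, using the standard RFC 7519 claim semantics. It assumes the token's signature has already been verified against the authorization server's keys; the function name check_claims and the sample claim sets are constructed for this example.

```python
import time

# Values taken from the example configuration above.
EXPECTED_AUDIENCES = frozenset({"https://mcp.example.com"})  # expectedAudiences
CLOCK_SKEW = 30  # seconds, from jwt.clockSkew: 30s


def _is_number(value):
    return isinstance(value, (int, float)) and not isinstance(value, bool)


def check_claims(claims, now=None, expected=EXPECTED_AUDIENCES, skew=CLOCK_SKEW):
    """Return (ok, reason) for a claim set whose signature is already verified."""
    now = time.time() if now is None else now
    aud = claims.get("aud")
    # RFC 7519: "aud" is either a single string or an array of strings.
    audiences = [aud] if isinstance(aud, str) else aud
    if not isinstance(audiences, list) or not audiences:
        return False, "missing aud"
    # A token minted for a different resource must not be accepted here.
    if not expected.intersection(a for a in audiences if isinstance(a, str)):
        return False, "audience mismatch"
    # Assumption: "exp" is mandatory for access tokens (as in RFC 9068).
    exp = claims.get("exp")
    if not _is_number(exp):
        return False, "missing exp"
    if now >= exp + skew:  # skew tolerates small clock drift between hosts
        return False, "expired"
    nbf = claims.get("nbf")
    if nbf is not None:
        if not _is_number(nbf):
            return False, "invalid nbf"
        if now < nbf - skew:
            return False, "not yet valid"
    return True, "ok"


if __name__ == "__main__":
    NOW = 1_700_000_000  # constructed fixed clock for repeatable output
    samples = {  # constructed claim sets
        "valid": {"aud": ["https://mcp.example.com"], "exp": NOW + 300},
        "other resource": {"aud": "https://other.example.com", "exp": NOW + 300},
        "expired 10s ago": {"aud": "https://mcp.example.com", "exp": NOW - 10},
        "expired 31s ago": {"aud": "https://mcp.example.com", "exp": NOW - 31},
    }
    for name, claims in samples.items():
        print(f"{name}: {check_claims(claims, now=NOW)}")
```

A token that expired 10 seconds ago still passes because it falls inside the 30-second skew window, so a larger clockSkew directly extends how long an expired token stays usable.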