pub trait AuthProvider:
Send
+ Sync
+ 'static {
// Required methods
fn authenticate<'a>(
&'a self,
credentials: &'a Credentials,
) -> AuthFuture<'a>;
fn accepts(&self, credentials: &Credentials) -> bool;
}Expand description
Validates raw Credentials and produces an AuthenticatedIdentity, or
returns McpError::Unauthorized on failure.
The trait is object-safe so providers can be stored as Arc<dyn AuthProvider>
(see DynAuthProvider).
§Implementing your own provider
use mcp_kit::auth::{AuthProvider, AuthFuture, Credentials, AuthenticatedIdentity};
use mcp_kit::McpResult;
struct MyProvider;
impl AuthProvider for MyProvider {
fn authenticate<'a>(&'a self, creds: &'a Credentials) -> AuthFuture<'a> {
Box::pin(async move {
match creds {
Credentials::Bearer { token } if token == "secret" => {
Ok(AuthenticatedIdentity::new("user"))
}
_ => Err(mcp_kit::McpError::Unauthorized("invalid token".into())),
}
})
}
fn accepts(&self, creds: &Credentials) -> bool {
matches!(creds, Credentials::Bearer { .. })
}
}Required Methods§
Sourcefn authenticate<'a>(&'a self, credentials: &'a Credentials) -> AuthFuture<'a>
fn authenticate<'a>(&'a self, credentials: &'a Credentials) -> AuthFuture<'a>
Validate credentials and return the authenticated identity, or an error.
Sourcefn accepts(&self, credentials: &Credentials) -> bool
fn accepts(&self, credentials: &Credentials) -> bool
Returns true if this provider knows how to handle the given credential
variant. Used by CompositeAuthProvider to select the right delegate
without unnecessarily calling authenticate.