Expand description
Authentication state (API keys, mTLS, OAuth JWT) and middleware. Authentication middleware for MCP servers.
Supports multiple authentication methods tried in priority order:
- mTLS client certificate (if configured and peer cert present)
- Bearer token (API key) with Argon2id hash verification
Includes per-source-IP rate limiting on authentication attempts.
Structs§
- ApiKey
Entry - A single API key entry (stored as Argon2id hash in config).
- ApiKey
Summary - Summary of a single API key suitable for admin endpoints.
- Auth
Config - Authentication configuration.
- Auth
Config Summary - Snapshot of the enabled authentication methods for admin endpoints.
- Auth
Counters Snapshot - Snapshot of authentication success/failure counters.
- Auth
Identity - Identity of an authenticated caller.
- Mtls
Config - mTLS client certificate authentication configuration.
- Rate
Limit Config - Rate limiting configuration for authentication attempts.
Enums§
- Auth
Method - How the caller authenticated.
Functions§
- extract_
mtls_ identity - Parse an mTLS client certificate and extract an
AuthIdentity. - generate_
api_ key - Generate a new API key: 256-bit random token + Argon2id hash.
- verify_
bearer_ token - Verify a bearer token against configured API keys.