systemprompt_api/services/proxy/auth/mod.rs
1//! Proxy authentication and authorization for backend service access.
2//!
3//! Two cohesive halves:
4//!
5//! - `challenge`: validating credential presence and building the RFC 6750 /
6//! RFC 9728 `WWW-Authenticate` 401/403 OAuth challenges that drive MCP and
7//! agent clients into the OAuth discovery flow.
8//! - `access`: resolving a service's OAuth requirement from the agent / MCP
9//! registries and enforcing the required scopes against the authenticated
10//! user, with the session-cache fallback for already-established MCP
11//! sessions.
12
// Both submodules are declared without `pub`, so nothing in them is reachable
// from outside this module except through the re-exports below.
13mod access;
14mod challenge;
15
// Crate-internal re-export: the module docs describe `access` as the half that
// enforces required scopes, and this type is not visible outside the crate.
16pub(crate) use access::AccessValidator;
// The only item re-exported as `pub` here; how far it is actually reachable
// still depends on the visibility of the parent modules.
17pub use challenge::OAuthChallengeBuilder;
// Crate-internal helper. NOTE(review): presumably builds the challenge sent
// when the requested MCP service is not registered — confirm in `challenge`.
18pub(crate) use challenge::build_mcp_unknown_service_challenge;