Expand description
Proxy authentication and authorization for backend service access.
Two cohesive halves:
challenge: validating credential presence and building the RFC 6750 / RFC 9728WWW-Authenticate401/403 OAuth challenges that drive MCP and agent clients into the OAuth discovery flow.access: resolving a service’s OAuth requirement from the agent / MCP registries and enforcing the required scopes against the authenticated user, with the session-cache fallback for already-established MCP sessions.