PingGateway

McpProtectionFilter

Protects a Model Context Protocol (MCP) server as an OAuth 2.0 protected resource.

This feature has Evolving interface stability. It’s subject to change without notice, even in a minor or maintenance release.

This filter has the following additional OAuth 2.0 resource server capabilities:

  • Registers a static OAuth 2.0 protected resource metadata document at the /.well-known/oauth-protected-resource endpoint.

  • Adapts any WWW-Authenticate response header to ensure it includes a resource_metadata directive.

  • Validates the aud claim in the OAuth 2.0 access token to ensure it matches the "resourceId" setting for this filter.

The MCP resource parameter implementation depends on RFC 9728, OAuth 2.0 Protected Resource Metadata, which defines the resource identifier as an HTTPS URL.

In other words, in MCP the resource server protects access to the resource over HTTPS. For this filter, the "resourceId" must therefore be an https:// URL, and you must access remote resources over HTTPS.

Usage

{
  "name": string,
  "type": "McpProtectionFilter",
  "config": {
    "resourceId": configuration expression<string>,
    "authorizationServerUri": configuration expression<url>,
    "resourceServerFilter": Filter reference,
    "supportedScopes": [ configuration expression<string>, … ],
    "realm": configuration expression<string>,
    "resourceIdPointer": configuration expression<string>
  }
}

Properties

"resourceId": configuration expression<string>, required

The protected resource identifier to return, an https:// URL with no fragment.

"authorizationServerUri": configuration expression<url>, required

The URL of the OAuth 2.0 authorization server to validate access tokens.

"resourceServerFilter": Filter reference, required

The OAuth2ResourceServerFilter that validates the access token. This filter adds the MCP-specific behavior described above on top of it.

"supportedScopes": array of configuration expression<string>, optional

List of supported scopes to return in the resource metadata.

These should match the scopes in the settings of the filter that the "resourceServerFilter" references.

Default: none.

"realm": configuration expression<string>, optional

Realm name included in authentication challenges and returned to the client application on error.

This should match the realm in the settings of the filter that the "resourceServerFilter" references.

Default: no realm.

"resourceIdPointer": configuration expression<string>, optional

JSON pointer to the claim in the access token that identifies the resource. The claim value must match the "resourceId" setting.

Default: "/aud".
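The model below is an added example written for this page, not PingGateway's implementation and not how the filter is configured. It makes the three capabilities listed above concrete against the properties just described: it serves the RFC 9728 metadata document, adds a resource_metadata directive to challenges coming back from the inner resource server, and compares the claim selected by "resourceIdPointer" with "resourceId". It goes slightly beyond the page in accepting aud as either a string or an array (both forms RFC 7519 allows) and in resolving any RFC 6901 pointer, not just "/aud". Everything below the config class is assumed for illustration: the request and response dicts, the constructed DEMO_TOKENS, the demo_resource_server standing in for the referenced OAuth2ResourceServerFilter, and the invalid_token error returned on an audience mismatch, which the page does not specify.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Any
from urllib.parse import urlsplit

WELL_KNOWN_PATH = "/.well-known/oauth-protected-resource"


def validate_resource_id(resource_id: str) -> str | None:
    """RFC 9728: an https:// URL with no fragment. Returns an error message, or None if valid."""
    parts = urlsplit(resource_id)
    if parts.scheme != "https" or not parts.netloc:
        return "resourceId must be an https:// URL"
    if parts.fragment or resource_id.endswith("#"):
        return "resourceId must not contain a fragment"
    return None


@dataclass(frozen=True)
class McpProtectionConfig:
    resource_id: str
    authorization_server_uri: str
    supported_scopes: tuple[str, ...] = ()
    realm: str | None = None
    resource_id_pointer: str = "/aud"

    def __post_init__(self) -> None:
        if error := validate_resource_id(self.resource_id):
            raise ValueError(error)

    @property
    def metadata_url(self) -> str:
        # URL advertised in resource_metadata: the well-known path on the resource's own origin.
        parts = urlsplit(self.resource_id)
        return f"{parts.scheme}://{parts.netloc}{WELL_KNOWN_PATH}"


def protected_resource_metadata(cfg: McpProtectionConfig) -> dict[str, Any]:
    """The static RFC 9728 document served at the well-known endpoint."""
    doc: dict[str, Any] = {"resource": cfg.resource_id, "authorization_servers": [cfg.authorization_server_uri]}
    if cfg.supported_scopes:
        doc["scopes_supported"] = list(cfg.supported_scopes)
    return doc


def resolve_pointer(doc: Any, pointer: str) -> Any:
    """RFC 6901 JSON pointer lookup, as resourceIdPointer needs; None when the path is absent."""
    if not pointer.startswith("/"):
        raise ValueError("JSON pointer must start with '/'")
    node = doc
    for token in pointer[1:].split("/"):
        token = token.replace("~1", "/").replace("~0", "~")
        if not isinstance(node, dict) or token not in node:
            return None
        node = node[token]
    return node


def audience_matches(claims: dict[str, Any], cfg: McpProtectionConfig) -> bool:
    """aud may be a string or an array of strings (RFC 7519); either form must name this resource."""
    aud = resolve_pointer(claims, cfg.resource_id_pointer)
    if isinstance(aud, str):
        return aud == cfg.resource_id
    return isinstance(aud, list) and cfg.resource_id in aud


def challenge(cfg: McpProtectionConfig, *directives: str) -> str:
    """Build a Bearer challenge that always carries the resource_metadata directive."""
    parts = [f'realm="{cfg.realm}"'] if cfg.realm else []
    parts += directives
    parts.append(f'resource_metadata="{cfg.metadata_url}"')
    return "Bearer " + ", ".join(parts)


def adapt_www_authenticate(header: str | None, cfg: McpProtectionConfig) -> str:
    """Add resource_metadata to a downstream challenge unless it is already present."""
    if header is None:
        return challenge(cfg)
    if re.search(r"(^|[\s,])resource_metadata=", header):
        return header
    return f'{header}, resource_metadata="{cfg.metadata_url}"'


# Constructed demo tokens standing in for what the referenced OAuth2ResourceServerFilter resolves.
DEMO_TOKENS: dict[str, dict[str, Any]] = {
    "tok-mcp": {"sub": "alice", "aud": "https://mcp.example.com/mcp", "scope": "mcp:read"},
    "tok-other": {"sub": "bob", "aud": ["https://api.example.com"]},
}


def demo_resource_server(request: dict[str, Any]) -> tuple[int, dict[str, str], Any]:
    """Stand-in for the inner resource server filter: a 401 challenge, or the token's claims."""
    auth = request.get("headers", {}).get("Authorization", "")
    claims = DEMO_TOKENS.get(auth.removeprefix("Bearer ").strip())
    if claims is None:
        return 401, {"WWW-Authenticate": 'Bearer realm="mcp", error="invalid_token"'}, None
    return 200, {}, claims


def protect(cfg: McpProtectionConfig, request: dict[str, Any], inner=demo_resource_server):
    """Model of the filter: serve the metadata, delegate token checks, then enforce the audience."""
    if request["path"] == WELL_KNOWN_PATH:
        return 200, {"Content-Type": "application/json"}, protected_resource_metadata(cfg)
    status, headers, claims = inner(request)
    if status == 401:
        headers["WWW-Authenticate"] = adapt_www_authenticate(headers.get("WWW-Authenticate"), cfg)
        return status, headers, None
    if not audience_matches(claims or {}, cfg):
        # Example's choice of error code: a token minted for another resource is invalid here (RFC 6750).
        return 401, {"WWW-Authenticate": challenge(
            cfg, 'error="invalid_token"', 'error_description="audience mismatch"')}, None
    return status, headers, claims
```

The audience check is what stops a token issued for one MCP server being replayed against another: a token that the inner resource server accepts as well-formed and unexpired is still rejected here when its aud does not name this "resourceId". Keep the realm and scopes in this model, as in the real filter, identical to those configured on the referenced OAuth2ResourceServerFilter, otherwise the metadata advertises scopes the inner filter will not honour.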