Class: MCP::Client::OAuth::ClientCredentialsProvider
- Inherits:
-
Object
- Object
- MCP::Client::OAuth::ClientCredentialsProvider
- Includes:
- StorageBackedProvider
- Defined in:
- lib/mcp/client/oauth/client_credentials_provider.rb
Overview
OAuth client configuration for the OAuth 2.1 client_credentials grant
(machine-to-machine, no user and no browser redirect). Handed to
MCP::Client::HTTP via the oauth: keyword, the same as Provider.
The interactive Authorization Code flow lives in Provider;
this class exists so a credentials-only client never has to supply
the redirect arguments that grant has no use for, mirroring the dedicated
ClientCredentialsProvider in the TypeScript SDK and
ClientCredentialsOAuthProvider in the Python SDK.
Required keyword arguments:
client_id- String identifying the pre-registered confidential client.client_secret- String shared secret. Theclient_credentialsgrant is for confidential clients, so a credential is mandatory.
Optional keyword arguments:
token_endpoint_auth_method-"client_secret_basic"(default) or"client_secret_post"."none"is rejected: an unauthenticatedclient_credentialsrequest is meaningless.scope- String of space-separated scopes to request when the server'sWWW-Authenticateand the Protected Resource Metadata do not specify one.storage- Object responding totokens,save_tokens(tokens),client_information, andsave_client_information(info). Defaults to anInMemoryStorage. Theclient_id/client_secretare written into it so the token exchange reads them through the same path as a pre-registered authorization-code client.
Defined Under Namespace
Classes: InvalidCredentialsError
Constant Summary collapse
- SUPPORTED_AUTH_METHODS =
["client_secret_basic", "client_secret_post"].freeze
Instance Attribute Summary collapse
-
#scope ⇒ Object
readonly
Returns the value of attribute scope.
-
#storage ⇒ Object
readonly
Returns the value of attribute storage.
Instance Method Summary collapse
-
#authorization_flow ⇒ Object
See
Provider#authorization_flow. -
#initialize(client_id:, client_secret:, token_endpoint_auth_method: "client_secret_basic", scope: nil, storage: nil) ⇒ ClientCredentialsProvider
constructor
A new instance of ClientCredentialsProvider.
Methods included from StorageBackedProvider
#access_token, #clear_tokens!, #client_information, #save_client_information, #save_tokens, #tokens
Constructor Details
#initialize(client_id:, client_secret:, token_endpoint_auth_method: "client_secret_basic", scope: nil, storage: nil) ⇒ ClientCredentialsProvider
Returns a new instance of ClientCredentialsProvider.
44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 |
# File 'lib/mcp/client/oauth/client_credentials_provider.rb', line 44 def initialize( client_id:, client_secret:, token_endpoint_auth_method: "client_secret_basic", scope: nil, storage: nil ) if blank?(client_id) raise InvalidCredentialsError, "client_id is required for the client_credentials grant." end unless SUPPORTED_AUTH_METHODS.include?(token_endpoint_auth_method) raise InvalidCredentialsError, "token_endpoint_auth_method must be one of #{SUPPORTED_AUTH_METHODS.inspect} for the " \ "client_credentials grant (got #{token_endpoint_auth_method.inspect}); an unauthenticated " \ "client_credentials request is not allowed." end if blank?(client_secret) raise InvalidCredentialsError, "client_secret is required for the client_credentials grant with #{token_endpoint_auth_method}." end @scope = scope @storage = storage || InMemoryStorage.new @storage.save_client_information( "client_id" => client_id, "client_secret" => client_secret, "token_endpoint_auth_method" => token_endpoint_auth_method, ) end |
Instance Attribute Details
#scope ⇒ Object (readonly)
Returns the value of attribute scope.
42 43 44 |
# File 'lib/mcp/client/oauth/client_credentials_provider.rb', line 42 def scope @scope end |
#storage ⇒ Object (readonly)
Returns the value of attribute storage.
42 43 44 |
# File 'lib/mcp/client/oauth/client_credentials_provider.rb', line 42 def storage @storage end |
Instance Method Details
#authorization_flow ⇒ Object
See Provider#authorization_flow.
77 78 79 |
# File 'lib/mcp/client/oauth/client_credentials_provider.rb', line 77 def :client_credentials end |