Class: RailsAiBridge::Mcp::Auth::Strategies::BearerToken

Inherits:

BaseStrategy

Object
BaseStrategy
RailsAiBridge::Mcp::Auth::Strategies::BearerToken

show all

Defined in:: lib/rails_ai_bridge/mcp/auth/strategies/bearer_token.rb

Overview

Authenticates HTTP MCP requests using a Bearer token.

Supports two modes, selected at construction time:

Resolver mode — when +token_resolver+ is provided the raw Bearer string is passed to the lambda; a truthy return value becomes the RailsAiBridge::Mcp::AuthResult#context. Use this to look up a user from a database token or validate an opaque API key via a third-party service.
Static secret mode — when no resolver is given the token is compared timing-safely to the value returned by +static_token_provider+. Suitable for shared secrets in +config.http_mcp_token+ / ENV.

Examples:

Static secret

BearerToken.new(static_token_provider: -> { Rails.application.credentials.mcp_token })

Resolver (Devise)

BearerToken.new(
  static_token_provider: -> { nil },
  token_resolver: ->(token) { User.find_by(api_token: token) }
)

Instance Method Summary collapse

#authenticate(request) ⇒ AuthResult
Authenticates the incoming request.
#initialize(static_token_provider:, token_resolver: nil) ⇒ BearerToken constructor
A new instance of BearerToken.

Methods inherited from BaseStrategy

#extract_bearer

Constructor Details

#initialize(static_token_provider:, token_resolver: nil) ⇒ `BearerToken`

Returns a new instance of BearerToken.

Parameters:

static_token_provider (Proc) —
callable returning +String+ or +nil+
token_resolver (Proc, nil) (defaults to: nil) —
+->(raw_token) { context_or_nil_or_false }+

# File 'lib/rails_ai_bridge/mcp/auth/strategies/bearer_token.rb', line 33

def initialize(static_token_provider:, token_resolver: nil)
  super()
  @static_token_provider = static_token_provider
  @token_resolver = token_resolver
end

Instance Method Details

#authenticate(request) ⇒ `AuthResult`

Authenticates the incoming request.