Commit a870643

docs(README.md): Add detailed request and token validation flow diagrams
Signed-off-by: Tommy Nguyen <tuannvm@hotmail.com>
1 parent 106d2fb commit a870643

1 file changed

+60
-10
lines changed

README.md

Lines changed: 60 additions & 10 deletions
@@ -54,19 +54,69 @@ http.ListenAndServe(":8080", handler)
5454

5555
## How It Works
5656

57+
### Request Flow
58+
5759
```mermaid
5860
sequenceDiagram
5961
participant Client
60-
participant Your Server
61-
participant oauth-mcp-proxy
62-
participant OAuth Provider
63-
64-
Client->>Your Server: Request with Bearer token
65-
Your Server->>oauth-mcp-proxy: Validate token
66-
oauth-mcp-proxy->>OAuth Provider: Check token (cached 5min)
67-
OAuth Provider->>oauth-mcp-proxy: Valid + user claims
68-
oauth-mcp-proxy->>Your Server: Authenticated user in context
69-
Your Server->>Client: Execute protected tool
62+
participant MCP Server
63+
box lightyellow oauth-mcp-proxy Library
64+
participant Middleware
65+
participant Cache
66+
participant Provider
67+
end
68+
participant Your Tool Handler
69+
70+
Client->>MCP Server: Request + Bearer token
71+
MCP Server->>Middleware: WithOAuth() intercepts
72+
73+
alt Token in cache and fresh
74+
Middleware->>Cache: Check token hash
75+
Cache-->>Middleware: Return cached user
76+
else Token not cached or expired
77+
Middleware->>Provider: Validate token (HMAC/OIDC)
78+
Provider-->>Middleware: User claims
79+
Middleware->>Cache: Store user for 5 minutes
80+
end
81+
82+
Middleware->>Your Tool Handler: Pass request with user in context
83+
Your Tool Handler->>Your Tool Handler: GetUserFromContext(ctx)
84+
Your Tool Handler-->>Client: Send response
85+
```
86+
87+
### Token Validation Flow
88+
89+
```mermaid
90+
flowchart TB
91+
Start([Your MCP Server receives request]) --> Extract[oauth-mcp-proxy: Extract Token]
92+
Extract --> Hash[oauth-mcp-proxy: SHA-256 Hash]
93+
Hash --> CheckCache{oauth-mcp-proxy: Token Cached?}
94+
95+
CheckCache -->|Cache Hit| GetUser[oauth-mcp-proxy: Get Cached User]
96+
CheckCache -->|Cache Miss| Validate{oauth-mcp-proxy: Validate}
97+
98+
Validate -->|Valid| Claims[oauth-mcp-proxy: Extract Claims]
99+
Validate -->|Invalid| Reject([Return 401])
100+
101+
Claims --> Store[oauth-mcp-proxy: Cache]
102+
Store --> GetUser
103+
104+
GetUser --> Context[oauth-mcp-proxy: Add User to Context]
105+
Context --> Tool[Your Tool Handler: GetUserFromContext]
106+
Tool --> Response([Your MCP Server: Return Response])
107+
108+
style Start fill:#e8f5e9
109+
style Extract fill:#fff9c4
110+
style Hash fill:#fff9c4
111+
style CheckCache fill:#fff9c4
112+
style Validate fill:#fff9c4
113+
style Claims fill:#fff9c4
114+
style Store fill:#fff9c4
115+
style GetUser fill:#fff9c4
116+
style Context fill:#fff9c4
117+
style Tool fill:#e8f5e9
118+
style Response fill:#e8f5e9
119+
style Reject fill:#ffebee
70120
```
71121

72122
**What oauth-mcp-proxy does:**
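
Review bot: In the new Request Flow sequence diagram, `Middleware->>Cache: Check token hash` sits inside the `alt Token in cache and fresh` branch, so the diagram reads as if the cache is consulted only when the outcome is already a hit; move that message above the `alt` so both branches follow the lookup, as the Token Validation flowchart already does with `Hash --> CheckCache`. The sequence diagram also has no failure branch, while the flowchart has `Validate -->|Invalid| Reject([Return 401])`; add an invalid-token path so the two diagrams agree on what a rejected token gets back. Neither diagram says what "fresh" means next to `Middleware->>Cache: Store user for 5 minutes`: state whether a cached entry can outlive the token's own expiry, because readers will use this section to judge how long an expired or revoked token can still be accepted. Last, `Your Tool Handler-->>Client: Send response` bypasses `MCP Server`, which is where the request entered.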