LearnNewsExamplesServices
Frontmatter
id9589
titleImplement OIDC/OAuth Authorization for KB and Memory MCP Servers (Restoration of #9558)
stateClosed
labels
enhancementdeveloper-experienceaiarchitecture
assignees[]
createdAtMar 29, 2026, 12:01 PM
updatedAtMay 7, 2026, 7:03 PM
githubUrlhttps://github.com/neomjs/neo/issues/9589
authortobiu
commentsCount0
parentIssuenull
subIssues[]
subIssuesCompleted0
subIssuesTotal0
blockedBy[]
blocking[]
closedAtMar 29, 2026, 12:01 PM

Implement OIDC/OAuth Authorization for KB and Memory MCP Servers (Restoration of #9558)

Closed v13.0.0/archive-v13-0-0-chunk-1 enhancementdeveloper-experienceaiarchitecture
tobiu
tobiu commented on Mar 29, 2026, 12:01 PM

Note: This issue was created to restore the accidentally deleted issue #9558 for historical record and changelog integrity.

Implement out-of-the-box OAuth 2.1 / OIDC authorization for the Knowledge Base and Memory Core MCP servers. This enables IaC-driven deployments using standard identity providers like Keycloak.

Requirements:

  • Map NEO_AUTH_HOST, NEO_AUTH_PORT, NEO_AUTH_REALM, NEO_OAUTH_CLIENT_ID, and NEO_OAUTH_CLIENT_SECRET in aiConfig.mjs.
  • In Server.mjs (for both knowledge-base and memory-core):
    • Automatically setup the mcpAuthMetadataRouter for discovery.
    • Implement a tokenVerifier using standard token introspection.
    • Apply the requireBearerAuth middleware to the SSE transport.
  • Ensure the existing authMiddleware escape hatch remains functional.
tobiu added the enhancement label on Mar 29, 2026, 12:01 PM
tobiu added the developer-experience label on Mar 29, 2026, 12:01 PM
tobiu added the ai label on Mar 29, 2026, 12:01 PM
tobiu added the architecture label on Mar 29, 2026, 12:01 PM
tobiu closed this issue on Mar 29, 2026, 12:01 PM