feat(ai-gateway): How-to for validating MCP tokens locally with JWK verification #4839
tomek-labuk wants to merge 9 commits into main from
Pull request overview
Adds a new MCP how-to guide for validating MCP access tokens locally via JWKS (JWK Set) verification with the AI MCP OAuth2 plugin, using Keycloak as the example authorization server.
Changes:
- Introduces a new how-to page detailing JWKS-based token validation and a local Keycloak setup workflow.
- Adds new Gateway `service` and `route` entity example YAMLs used by the how-to’s `{% entity_examples %}` blocks.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| app/_how-tos/mcp/validate-mcp-tokens-with-jwk.md | New how-to describing JWKS-based local JWT validation for MCP using AI MCP OAuth2 + AI MCP Proxy, including validation steps. |
| app/_data/entity_examples/gateway/services/weather-jwk-service.yaml | Adds the upstream WeatherAPI service used by the new how-to. |
| app/_data/entity_examples/gateway/routes/weather-jwk.yaml | Adds the MCP listener route (including the protected-resource metadata path) used by the new how-to. |
| app/_data/entity_examples/gateway/routes/weather-jwk-route.yaml | Adds the conversion-only tools route used by the new how-to. |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
| works_on: | ||
| - on-prem | ||
| - konnect | ||
| min_version: | ||
| gateway: '3.14' | ||
| plugins: | ||
| - ai-mcp-oauth2 | ||
| - ai-mcp-proxy | ||
| entities: |
This how-to will be picked up by the automated how-to test runner (products include gateway/ai-gateway) but it depends on an external Keycloak container and manual setup steps, so it should either add an automated prereq that starts/configures Keycloak or set `automated_tests: false` in frontmatter to avoid CI failures.
@copilot apply changes based on this feedback (#4839 (comment)): add `automated_tests: false`
Added `automated_tests: false` to the frontmatter in commit f8d3faf.
Agent-Logs-Url: https://github.com/Kong/developer.konghq.com/sessions/9a4753a0-e11e-4fbb-8f78-de8c0275e115 Co-authored-by: tomek-labuk <207846229+tomek-labuk@users.noreply.github.com>
Description
Fixes #4820
Preview Links
Checklist
- `description` entry in frontmatter.