[FEATURE][AUTH]: Support external OIDC bearer tokens on API and MCP endpoints

[jppjr]

📓 Additional Context

A client has been working with ContextForge MCP Hub and has successfully configured Keycloak as an SSO identity provider. They report that the browser-based SSO login flow works excellently — OIDC tokens are validated via JWKS, users are auto-provisioned, and realm roles are correctly mapped to ContextForge RBAC roles.

However, the client has encountered a limitation when attempting to extend this trust relationship to programmatic API access.

Use Case:
The client has AI agents (MCP clients) that need to authenticate against the MCP Hub endpoints (/mcp/, /tools, etc.) using machine-to-machine credentials. Their approach is to have these agents obtain an access token from the same OIDC identity provider that ContextForge already trusts for SSO (via the OAuth2 client_credentials grant) and present that token as a Bearer token on API requests.

Observed Behavior:
When an MCP client sends a Bearer token issued by the configured SSO IdP (Keycloak, but applicable to OAM, PING, etc.), the API authentication layer rejects it. It appears that the API/MCP endpoint authentication only validates internally-minted JWTs (signed with JWT_SECRET_KEY), rather than also accepting tokens from the trusted external IdP and validating them via the JWKS endpoint — even though the SSO flow already has the full OIDC/JWKS validation logic in place.

In other words, the trust relationship with the external IdP seems to be scoped exclusively to the browser-based SSO flow and does not extend to Bearer token authentication on API endpoints.

Expected Behavior:
Since ContextForge has a configured and verified trust relationship with the external IdP (JWKS URI, issuer validation, role mappings, etc.), the client expected that tokens issued by that same IdP would also be accepted as valid Bearer tokens on API and MCP endpoints — with the same role mapping and RBAC enforcement applied. This would enable a unified authentication model where both human users and service accounts authenticate through the same corporate identity provider.

Client Questions:

Is this a known limitation, or is there a missing configuration option that enables external OIDC token validation on API endpoints?

If this is not currently supported, is there a recommended approach for authenticating MCP clients/agents through a corporate OIDC provider without requiring them to have knowledge of ContextForge's internal JWT signing key?

Is support for external IdP bearer tokens on API endpoints on the roadmap?

This capability is described as vital for enterprise deployments where centralized identity management is a requirement for both human users and AI agents/service integrations.

[brian-hussey]

Hi @jppjr,
This is a known defect at this time. The existing defect for this is here: #150, it is currently planned to be part of the GA release.

[asasar]

Confirming this behavior with Microsoft Entra ID as well (not only Keycloak).

We validated the same pattern in an Azure Entra ID setup:

• Browser SSO works correctly.
• OIDC trust is configured (issuer/JWKS/audience).
• API/MCP calls using Entra-issued bearer tokens (client credentials flow) are rejected.

What we observe is aligned with the issue description:

• The API/MCP auth path appears to accept internally minted/local JWTs,
• but does not yet validate external IdP bearer tokens via JWKS on those endpoints,
• even though OIDC/JWKS validation already exists in the SSO flow.

Environment details (redacted):

• IdP: Microsoft Entra ID
• Issuer: https://login.microsoftonline.com/<tenant-id>/v2.0
• JWKS: https://login.microsoftonline.com/<tenant-id>/discovery/v2.0/keys
• Audience expected by API: api://<app-id-uri>
• Token type tested: Access token from OAuth2 client_credentials

Impact:

• Blocks machine-to-machine integrations for MCP clients/agents using service principals/workload identities.
• Prevents a unified enterprise identity model for both UI users and API clients.

[crivetimihai]

Thanks @jppjr. This is a key gap — the gateway trusts external OIDC tokens for SSO browser flows but not for programmatic API/MCP access. Implementing this requires: (1) JWKS-based token signature validation against the external IdP, (2) claims extraction and mapping to ContextForge identity, (3) JWKS key caching. We'll prioritize this for post-1.0.0 as it enables machine-to-machine auth flows that many enterprise deployments need.