### Install and Run AuthMCP Gateway CLI Source: https://context7.com/loglux/authmcp-gateway/llms.txt Install the gateway using pip and run it with the built-in CLI. The first run automatically creates necessary configuration files and launches a setup wizard. Various commands are available for starting the server with custom ports or hosts, initializing the database, creating an admin user, and checking the version. ```bash # Install pip install authmcp-gateway # First run – auto-creates .env and data/ directory, then opens setup wizard authmcp-gateway start # Available CLI commands authmcp-gateway start # Start on 0.0.0.0:8000 authmcp-gateway start --port 9000 # Custom port authmcp-gateway start --host 127.0.0.1 # Localhost only authmcp-gateway start --env-file prod.env # Custom .env file authmcp-gateway init-db # Initialize database authmcp-gateway create-admin # Create admin via CLI prompt authmcp-gateway version # Print version # After starting, visit http://localhost:8000/ to complete setup wizard ``` -------------------------------- ### Start Authmcp-Gateway Server Source: https://github.com/loglux/authmcp-gateway/blob/main/README.md Run this command to start the authmcp-gateway server. It automatically creates a .env file, initializes the database, and sets up necessary directories. Access the setup wizard at http://localhost:8000. ```bash authmcp-gateway start # ✓ Auto-creates .env with JWT_SECRET_KEY # ✓ Auto-creates data/ directory # ✓ Initializes database ``` -------------------------------- ### Clone and Configure Authmcp-Gateway with Docker Compose Source: https://github.com/loglux/authmcp-gateway/blob/main/README.md Steps to set up the authmcp-gateway using Docker Compose. Clone the repository, copy the example environment file, and edit it with your settings before starting the containers. ```bash git clone https://github.com/loglux/authmcp-gateway.git cd authmcp-gateway cp .env.example .env # Edit .env with your settings docker-compose up -d ``` -------------------------------- ### Install Project Dependencies Source: https://github.com/loglux/authmcp-gateway/blob/main/README.md Install the project's dependencies, including the gateway itself in editable mode, using pip. ```bash # Install dependencies pip install -e . ``` -------------------------------- ### Install Authmcp-Gateway via PyPI Source: https://github.com/loglux/authmcp-gateway/blob/main/README.md Use this command to install the authmcp-gateway package using pip. This is the recommended installation method. ```bash pip install authmcp-gateway ``` -------------------------------- ### Run the Authmcp-Gateway Source: https://github.com/loglux/authmcp-gateway/blob/main/README.md Start the authmcp-gateway service after setting up the development environment. This command runs the main application. ```bash # Run gateway authmcp-gateway ``` -------------------------------- ### Publish to PyPI Source: https://github.com/loglux/authmcp-gateway/blob/main/docs/RELEASE.md Uploads the built distribution artifacts to the Python Package Index (PyPI). Install twine if necessary. ```bash ./venv/bin/python -m twine upload dist/authmcp_gateway-* ``` -------------------------------- ### Docker Compose Deployment for AuthMCP Gateway Source: https://context7.com/loglux/authmcp-gateway/llms.txt Deploy the AuthMCP Gateway using Docker Compose, alongside backend MCP servers. This example shows how to configure ports, environment variables for JWT secrets and authentication, and volume mounts for persistent data. Access the admin panel after starting the services. ```yaml version: "3.8" services: authmcp-gateway: image: authmcp-gateway ports: - "9105:8000" environment: JWT_SECRET_KEY: "change-me-in-production" AUTH_REQUIRED: "true" ALLOW_DCR: "true" MCP_PUBLIC_URL: "https://gateway.example.com" volumes: - ./data:/app/data rag-mcp: image: my-rag-mcp-server expose: - "8000" ``` ```bash docker-compose up -d # Access admin panel at http://localhost:9105/ ``` -------------------------------- ### Customize Authmcp-Gateway Configuration Source: https://github.com/loglux/authmcp-gateway/blob/main/README.md Download the example .env file to customize settings like PORT, PASSWORD_REQUIRE_SPECIAL, and LOG_LEVEL. Restart the server after applying changes. ```bash curl -o .env https://raw.githubusercontent.com/loglux/authmcp-gateway/main/.env.example.pypi # Common settings to customize in .env: # PORT=9000 # Change server port # PASSWORD_REQUIRE_SPECIAL=false # Relax password requirements # LOG_LEVEL=DEBUG # More detailed logs # Restart to apply changes authmcp-gateway start ``` -------------------------------- ### Rebuild and Start Container with Commit Hash Source: https://github.com/loglux/authmcp-gateway/blob/main/docs/RELEASE.md Injects the current git commit hash into the container build and start process to include it in runtime metadata. ```bash GIT_COMMIT=$(git rev-parse --short HEAD) docker compose build ``` ```bash GIT_COMMIT=$(git rev-parse --short HEAD) docker compose up -d ``` -------------------------------- ### Login to get access token Source: https://github.com/loglux/authmcp-gateway/blob/main/README.md Use this cURL command to log in and obtain an access token. Replace 'your-username' and 'your-password' with your actual credentials. ```bash curl -X POST http://localhost:9105/auth/login \ -H "Content-Type: application/json" \ -d '{"username":"your-username","password":"your-password"}' ``` -------------------------------- ### Authmcp-Gateway CLI Commands Source: https://github.com/loglux/authmcp-gateway/blob/main/README.md A list of available commands for managing the authmcp-gateway, including starting the server with custom options, initializing the database, creating an admin user, and checking the version. ```bash authmcp-gateway start # Start server (default: 0.0.0.0:8000) authmcp-gateway start --port 9000 # Start on custom port authmcp-gateway start --host 127.0.0.1 # Bind to localhost only authmcp-gateway start --env-file custom.env # Use custom config file authmcp-gateway init-db # Initialize database authmcp-gateway create-admin # Create admin user via CLI authmcp-gateway version # Show version authmcp-gateway --help # Show all options ``` -------------------------------- ### List Prompts via Aggregated MCP Source: https://context7.com/loglux/authmcp-gateway/llms.txt Get a list of available prompts using the 'prompts/list' JSON-RPC method. Requires an ACCESS_TOKEN. ```bash BASE="http://localhost:8000" AUTH="-H 'Authorization: Bearer $ACCESS_TOKEN'" curl -s -X POST $BASE/mcp \ -H "Authorization: Bearer $ACCESS_TOKEN" \ -H "Content-Type: application/json" \ -d '{"jsonrpc":"2.0","id":6,"method":"prompts/list"}' ``` -------------------------------- ### Docker Health Check Configuration Source: https://context7.com/loglux/authmcp-gateway/llms.txt Example Dockerfile instruction for configuring health checks using the gateway's health endpoint. ```dockerfile # HEALTHCHECK --interval=30s --timeout=5s --retries=3 \ # CMD curl -f http://localhost:8000/health || exit 1 ``` -------------------------------- ### Initialize Aggregated MCP Session Source: https://context7.com/loglux/authmcp-gateway/llms.txt Send an 'initialize' JSON-RPC request to the aggregated MCP endpoint to get merged capabilities from all backends. Requires an ACCESS_TOKEN. ```bash BASE="http://localhost:8000" AUTH="-H 'Authorization: Bearer $ACCESS_TOKEN'" curl -s -X POST $BASE/mcp \ -H "Authorization: Bearer $ACCESS_TOKEN" \ -H "Content-Type: application/json" \ -d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2025-03-26","capabilities":{},"clientInfo":{"name":"my-client","version":"1.0"}}}' ``` -------------------------------- ### Set up Python Virtual Environment Source: https://github.com/loglux/authmcp-gateway/blob/main/README.md Create and activate a Python virtual environment for the project. This isolates project dependencies. Use `venv\Scripts\activate` on Windows. ```bash # Create virtual environment python3 -m venv venv source venv/bin/activate # or `venv\Scripts\activate` on Windows ``` -------------------------------- ### Get Gateway Settings Source: https://context7.com/loglux/authmcp-gateway/llms.txt Retrieves the current configuration settings for the AuthMCP Gateway. ```APIDOC ## GET /admin/api/settings ### Description Fetches the current runtime settings of the AuthMCP Gateway. This includes configurations such as JWT TTL, password policy, and rate limits. ### Method GET ### Endpoint /admin/api/settings ``` -------------------------------- ### Get Current User Info Source: https://github.com/loglux/authmcp-gateway/blob/main/README.md Retrieve information about the currently authenticated user. ```APIDOC ## GET /auth/me ### Description Fetches the details of the user associated with the provided access token. ### Method GET ### Endpoint /auth/me ### Parameters #### Request Headers - **Authorization** (string) - Required - Bearer token for authentication (e.g., `Bearer YOUR_ACCESS_TOKEN`). ### Response #### Success Response (200) - **id** (string) - The user's unique identifier. - **username** (string) - The user's username. - **roles** (array) - List of roles assigned to the user. #### Response Example { "id": "user-123", "username": "testuser", "roles": ["admin", "user"] } ``` -------------------------------- ### Aggregated MCP Endpoint - Get Prompt Source: https://context7.com/loglux/authmcp-gateway/llms.txt Retrieves a specific prompt by name and optional arguments. ```APIDOC ## POST /mcp - Get Prompt ### Description Retrieves a specific prompt by its name and optional arguments. ### Method POST ### Endpoint /mcp ### Headers - Authorization: Bearer $ACCESS_TOKEN - Content-Type: application/json ### Request Body - jsonrpc (string) - Specifies the JSON-RPC protocol version. - id (number) - A unique identifier for the request. - method (string) - The method to call, set to "prompts/get". - params (object) - Parameters for the get method. - name (string) - The name of the prompt to retrieve. - arguments (object) - Optional arguments for the prompt. ### Request Example ```json { "jsonrpc": "2.0", "id": 7, "method": "prompts/get", "params": { "name": "summarize", "arguments": { "language": "English" } } } ``` ``` -------------------------------- ### Build Distribution Artifacts Source: https://github.com/loglux/authmcp-gateway/blob/main/docs/RELEASE.md Builds the source distribution and wheel package for the project. Ensure you are in the project root and have the virtual environment activated. ```bash ./venv/bin/python -m build --no-isolation ``` -------------------------------- ### Register a New User Source: https://context7.com/loglux/authmcp-gateway/llms.txt Use this endpoint to register a new user account. Ensure that `ALLOW_REGISTRATION` is set to `true` in the configuration. Handles success (201), registration disabled (403), weak password (400), and duplicate username (409) errors. ```bash curl -s -X POST http://localhost:8000/auth/register \ -H "Content-Type: application/json" \ -d '{ "username": "bob", "email": "bob@example.com", "password": "B0bSecure!", "full_name": "Bob Smith" }' # HTTP 201 # { # "id": 2, # "username": "bob", # "email": "bob@example.com", # "full_name": "Bob Smith", # "is_active": true, # "is_superuser": false, # "created_at": "2026-04-16T10:00:00Z", # "last_login_at": null # } # Error: registration disabled # HTTP 403 {"detail": "Registration is disabled", "error_code": "REGISTRATION_DISABLED"} # Error: weak password # HTTP 400 {"detail": "Password must contain ...", "error_code": "WEAK_PASSWORD"} # Error: duplicate username # HTTP 409 {"detail": "Username already exists", "error_code": "USERNAME_EXISTS"} ``` -------------------------------- ### Create New User Source: https://context7.com/loglux/authmcp-gateway/llms.txt Register a new user account through the Admin API. Requires an administrator token and user details including username, email, and password. ```bash ADMIN_TOKEN="" # Create a new user curl -s -X POST http://localhost:8000/admin/api/users \ -H "Authorization: Bearer $ADMIN_TOKEN" \ -H "Content-Type: application/json" \ -d '{"username": "charlie", "email": "charlie@example.com", "password": "Ch@rl1ePass!", "is_superuser": false}' ``` -------------------------------- ### Get Token Status for MCP Servers Source: https://context7.com/loglux/authmcp-gateway/llms.txt Check the token status for all backend MCP servers connected to the gateway. ```bash curl -s http://localhost:8000/admin/api/mcp-servers/token-status \ -H "Authorization: Bearer $ADMIN_TOKEN" ``` -------------------------------- ### Load and Save Settings with JavaScript Source: https://github.com/loglux/authmcp-gateway/blob/main/src/authmcp_gateway/templates/admin/settings.html Manages loading settings from the server and saving updated configurations. Includes input validation for numerical fields. ```javascript function settingsManager() { return { showSuccess: false, showError: false, errorMessage: '', init() { // Load settings on component init this.loadSettings(); }, async loadSettings() { try { const response = await fetch('/admin/api/settings'); const settings = await response.json(); // JWT settings document.getElementById('accessTokenTTL').value = settings.jwt?.access_token_expire_minutes || 1440; document.getElementById('refreshTokenTTL').value = settings.jwt?.refresh_token_expire_days || 7; document.getElementById('enforceSingleSession').checked = settings.jwt?.enforce_single_session !== false; // Password policy const policy = settings.password_policy || {}; document.getElementById('passwordMinLength').value = policy.min_length || 8; document.getElementById('requireUppercase').checked = policy.require_uppercase !== false; document.getElementById('requireLowercase').checked = policy.require_lowercase !== false; document.getElementById('requireDigit').checked = policy.require_digit !== false; document.getElementById('requireSpecial').checked = policy.require_special || false; // System settings const system = settings.system || {}; document.getElementById('allowRegistration').checked = system.allow_registration !== false; document.getElementById('authRequired').checked = system.auth_required !== false; document.getElementById('allowDcr').checked = system.allow_dcr === true; // Rate limits const rl = settings.rate_limit || {}; document.getElementById('mcpLimit').value = rl.mcp_limit || 100; document.getElementById('mcpWindow').value = rl.mcp_window || 60; document.getElementById('loginLimit').value = rl.login_limit || 5; document.getElementById('loginWindow').value = rl.login_window || 60; document.getElementById('registerLimit').value = rl.register_limit || 3; document.getElementById('registerWindow').value = rl.register_window || 300; } catch (error) { this.showErrorAlert('Failed to load settings: ' + error.message); } }, async saveSettings() { const parseIntStrict = (id, min, max, label) => { const raw = document.getElementById(id).value; const value = Number.parseInt(raw, 10); if (!Number.isFinite(value)) { throw new Error(`${label} must be a number`); } if (value < min || value > max) { throw new Error(`${label} must be between ${min} and ${max}`); } return value; }; const settings = { jwt: { access_token_expire_minutes: parseIntStrict('accessTokenTTL', 1, 525600, 'Access token lifetime'), refresh_token_expire_days: parseIntStrict('refreshTokenTTL', 1, 365, 'Refresh token lifetime'), enforce_single_session: document.g ``` -------------------------------- ### List All Tools via Aggregated MCP Source: https://context7.com/loglux/authmcp-gateway/llms.txt Retrieve a list of all available tools aggregated from all backends by sending a 'tools/list' JSON-RPC request. Requires an ACCESS_TOKEN. ```bash BASE="http://localhost:8000" AUTH="-H 'Authorization: Bearer $ACCESS_TOKEN'" curl -s -X POST $BASE/mcp \ -H "Authorization: Bearer $ACCESS_TOKEN" \ -H "Content-Type: application/json" \ -d '{"jsonrpc":"2.0","id":2,"method":"tools/list"}' ``` -------------------------------- ### Get Severity Badge Source: https://github.com/loglux/authmcp-gateway/blob/main/src/authmcp_gateway/templates/admin/security_logs.html Returns an HTML span element for a severity badge. Uses a default 'UNKNOWN' badge if the severity is not recognized. ```javascript function getSeverityBadge(severity) { const badges = { 'critical': 'CRITICAL', 'high': 'HIGH', 'medium': 'MEDIUM', 'low': 'LOW' }; return badges[severity] || 'UNKNOWN'; } ``` -------------------------------- ### Create and Run Starlette App Source: https://context7.com/loglux/authmcp-gateway/llms.txt This snippet shows how to create a Starlette application using a configuration and run it with uvicorn. Ensure the necessary imports are present. ```python from authmcp_gateway.app import create_app import uvicorn config = {} app = create_app(config=config) if __name__ == "__main__": uvicorn.run(app, host="0.0.0.0", port=8000) ``` -------------------------------- ### Get Severity Color Class Source: https://github.com/loglux/authmcp-gateway/blob/main/src/authmcp_gateway/templates/admin/security_logs.html Returns a CSS class string for styling based on the event severity. Used for border colors. ```javascript function getSeverityColor(severity) { const colors = { 'critical': 'border-red-600', 'high': 'border-orange-600', 'medium': 'border-yellow-600', 'low': 'border-green-600' }; return colors[severity.toLowerCase()] || 'border-gray-400'; } ``` -------------------------------- ### List Resources via Aggregated MCP Source: https://context7.com/loglux/authmcp-gateway/llms.txt Request a list of available resources using the 'resources/list' JSON-RPC method. Requires an ACCESS_TOKEN. ```bash BASE="http://localhost:8000" AUTH="-H 'Authorization: Bearer $ACCESS_TOKEN'" curl -s -X POST $BASE/mcp \ -H "Authorization: Bearer $ACCESS_TOKEN" \ -H "Content-Type: application/json" \ -d '{"jsonrpc":"2.0","id":4,"method":"resources/list"}' ``` -------------------------------- ### Get Current User Info Source: https://context7.com/loglux/authmcp-gateway/llms.txt Retrieves the profile information for the currently authenticated user. This endpoint is protected and requires a valid access token. ```bash curl -s http://localhost:8000/auth/me \ -H "Authorization: Bearer $ACCESS_TOKEN" # { # "id": 1, # "username": "alice", # "email": "alice@example.com", # "full_name": "Alice", # "is_active": true, # "is_superuser": false, # "created_at": "2026-01-01T00:00:00Z", # "last_login_at": "2026-04-16T09:00:00Z", # "sub": "1", # "preferred_username": "alice", # "name": "Alice", # "email_verified": true # } ``` -------------------------------- ### OpenID Connect Discovery Configuration Source: https://context7.com/loglux/authmcp-gateway/llms.txt Retrieve OpenID Connect discovery configuration details from the /.well-known/openid-configuration endpoint. ```bash curl -s http://localhost:8000/.well-known/openid-configuration ``` -------------------------------- ### Clone Authmcp-Gateway Repository Source: https://github.com/loglux/authmcp-gateway/blob/main/README.md Clone the authmcp-gateway repository locally to begin development. This command downloads the entire project to your machine. ```bash # Clone repository git clone https://github.com/loglux/authmcp-gateway.git cd authmcp-gateway ``` -------------------------------- ### Get Severity Icon Source: https://github.com/loglux/authmcp-gateway/blob/main/src/authmcp_gateway/templates/admin/security_logs.html Returns an icon name string for severity levels. Provides a default 'help-circle' icon for unrecognized severity values. ```javascript function getSeverityIcon(severity) { const icons = { 'critical': 'alert-triangle', 'high': 'shield-alert', 'medium': 'alert-circle', 'low': 'info' }; return icons[severity] || 'help-circle'; } ``` -------------------------------- ### Get Event Icon Color Source: https://github.com/loglux/authmcp-gateway/blob/main/src/authmcp_gateway/templates/admin/security_logs.html Returns a CSS class for coloring the event icon based on its type and severity. Enhances visual distinction. ```javascript function getIconColor(eventType, severity) { const colors = { 'critical': 'text-red-600', 'high': 'text-orange-600', 'medium': 'text-yellow-600', 'low': 'text-green-600' }; return colors[severity.toLowerCase()] || 'text-gray-600'; } ``` -------------------------------- ### User Login with POST /auth/login Source: https://context7.com/loglux/authmcp-gateway/llms.txt Authenticate a user by sending a POST request to `/auth/login` with username and password. The response includes JWT access and refresh tokens, token type, and expiration time. Error cases for invalid credentials, disabled accounts, and rate limiting are also shown. ```bash # Login and capture tokens RESPONSE=$(curl -s -X POST http://localhost:8000/auth/login \ -H "Content-Type: application/json" \ -d '{"username": "alice", "password": "S3cur3P@ss!"}') echo "$RESPONSE" # { # "access_token": "eyJhbGci...", # "refresh_token": "eyJhbGci...", # "token_type": "bearer", # "expires_in": 604800 # } ACCESS_TOKEN=$(echo "$RESPONSE" | python3 -c "import sys,json; print(json.load(sys.stdin)['access_token'])") REFRESH_TOKEN=$(echo "$RESPONSE" | python3 -c "import sys,json; print(json.load(sys.stdin)['refresh_token'])") # Error cases # 401 {"detail": "Invalid username or password", "error_code": "INVALID_CREDENTIALS"} # 403 {"detail": "Account is disabled", "error_code": "ACCOUNT_DISABLED"} # 429 {"detail": "Too many login attempts...", "error_code": "RATE_LIMIT_EXCEEDED", "retry_after": 42} ``` -------------------------------- ### Get Event Icon Source: https://github.com/loglux/authmcp-gateway/blob/main/src/authmcp_gateway/templates/admin/security_logs.html Determines the appropriate Lucide icon name based on event type and severity. Used for visual representation of events. ```javascript function getEventIcon(eventType, severity) { const icons = { 'unauthorized_access': 'shield-alert', 'rate_limited': 'timer', 'suspicious_payload': 'bug', 'auth_failed': 'user-x' }; return icons[eventType.toLowerCase()] || 'alert-triangle'; } ``` -------------------------------- ### Initialize User Management JavaScript Source: https://github.com/loglux/authmcp-gateway/blob/main/src/authmcp_gateway/templates/admin/users.html Initializes the user management interface, including loading users and setting up event handlers. This function should be called on page load. ```javascript function usersManager() { return { showCreateModal: false, showAccessModal: false, passwordMatch: null, accessLoading: false, accessUser: null, accessServers: [], init() { this.loadUsers(); }, handleAction(event) { const btn = event.target.closest('\\[data-action\\]'); if (!btn) return; const action = btn.dataset.action; const id = parseInt(btn.dataset.id); const name = btn.dataset.name || ''; if (action === 'access') this.openAccessModal(id, name); else if (action === 'toggle-status') this.toggleUserStatus(id, btn.dataset.active === 'true'); else if (action === 'superuser') this.makeSuperuser(id); else if (action === 'delete') this.deleteUser(id, name); }, checkPasswordMatch() { const password = document.getElementById('password').value; const confirmPassword = document.getElementById('confirmPassword').value; if (confirmPassword === '') { this.passwordMatch = null; return; } this.passwordMatch = password === confirmPassword; }, async createUser() { const username = document.getElementById('username').value; const email = document.getElementById('email').value; const password = document.getElementById('password').value; const confirmPassword = document.getElementById('confirmPassword').value; const is_superuser = document.getElementById('isSuperuser').checked; if (password !== confirmPassword) { showToast('Passwords do not match!', 'error'); return; } try { const response = await fetch('/admin/api/users', { method: 'POST', headers: {'Content-Type': 'application/json'}, body: JSON.stringify({username, email, password, is_superuser}) }); if (response.ok) { this.showCreateModal = false; document.getElementById('createUserForm').reset(); this.passwordMatch = null; await this.loadUsers(); showToast('User created successfully!'); } else { const error = await response.json(); showToast(error.error || error.detail || 'Failed to create user', 'error'); } } catch (error) { showToast(error.message, 'error'); } }, async loadUsers() { try { const response = await fetch('/admin/api/users'); const users = await response.json(); const tbody = document.getElementById('usersTableBody'); tbody.innerHTML = users.map(user => ` ${user.id} ${esc(user.username)} ${esc(user.email || 'N/A')} ${user.is_active ? 'Active' : 'Inactive'} ${user.is_superuser ? 'Superuser' : 'User'} ${user.last_login_at ? new Date(user.last_login_at).toLocaleString() : 'Never'} ${new Date(user.created_at).toLocaleDateString()} ${!user.is_superuser ? ` ` : ''} `).join(''); lucide.createIcons(); } catch (error) { console.error('Failed to load users:', error); document.getElementById('usersTableBody').innerHTML = 'Failed to load users'; } }, async toggleUserStatus(userId, currentStatus) { if (!confirm(`Are you sure you want to ${currentStatus ? 'deactivate' : 'activate'} this user?`)) return; try { const response = a ``` -------------------------------- ### Get Current Gateway Settings Source: https://context7.com/loglux/authmcp-gateway/llms.txt Retrieve the current configuration settings for the AuthMCP Gateway, including JWT TTL, password policy, and rate limits. ```bash curl -s http://localhost:8000/admin/api/settings \ -H "Authorization: Bearer $ADMIN_TOKEN" ``` -------------------------------- ### Aggregated MCP Endpoint - Initialize Source: https://context7.com/loglux/authmcp-gateway/llms.txt Initializes the MCP connection by merging capabilities from all backends. ```APIDOC ## POST /mcp - Initialize ### Description Initializes the MCP connection and returns merged capabilities from all available backend servers. ### Method POST ### Endpoint /mcp ### Headers - Authorization: Bearer $ACCESS_TOKEN - Content-Type: application/json ### Request Body - jsonrpc (string) - Specifies the JSON-RPC protocol version. - id (number) - A unique identifier for the request. - method (string) - The method to call, set to "initialize". - params (object) - Parameters for the initialize method. - protocolVersion (string) - The desired protocol version. - capabilities (object) - Client capabilities. - clientInfo (object) - Information about the client. - name (string) - The name of the client. - version (string) - The version of the client. ### Request Example ```json { "jsonrpc": "2.0", "id": 1, "method": "initialize", "params": { "protocolVersion": "2025-03-26", "capabilities": {}, "clientInfo": { "name": "my-client", "version": "1.0" } } } ``` ### Response #### Success Response (200) - jsonrpc (string) - Specifies the JSON-RPC protocol version. - id (number) - The ID of the request. - result (object) - The result of the initialization. - protocolVersion (string) - The negotiated protocol version. - capabilities (object) - Merged capabilities from all servers. - serverInfo (object) - Information about the gateway server. - name (string) - The name of the server. - version (string) - The version of the server. ### Response Example ```json { "jsonrpc": "2.0", "id": 1, "result": { "protocolVersion": "2025-03-26", "capabilities": { "tools": {}, "resources": {}, "prompts": {} }, "serverInfo": { "name": "authmcp-gateway", "version": "2.0.0" } } } ``` ``` -------------------------------- ### Get Status Badge Source: https://github.com/loglux/authmcp-gateway/blob/main/src/authmcp_gateway/templates/admin/security_logs.html Generates an HTML span element for a status badge based on event type. Differentiates between 'BLOCKED', 'DENIED', and 'WARNING' statuses. ```javascript function getStatusBadge(eventType) { const blockedEvents = ['unauthorized_access', 'rate_limit_exceeded', 'invalid_token', 'brute_force']; const deniedEvents = ['failed_login']; if (blockedEvents.includes(eventType)) { return '🚫 BLOCKED'; } if (deniedEvents.includes(eventType)) { return '⛔ DENIED'; } return '⚠️ WARNING'; } ``` -------------------------------- ### View Logs in Real-Time Source: https://github.com/loglux/authmcp-gateway/blob/main/README.md Use this command to view the logs of the authmcp-gateway container in real-time. This is useful for monitoring and debugging. ```bash docker logs -f authmcp-gateway ``` -------------------------------- ### Get Event Icon Source: https://github.com/loglux/authmcp-gateway/blob/main/src/authmcp_gateway/templates/admin/security_logs.html Returns an icon name string corresponding to the event type. Provides a default 'shield-alert' icon if the event type is not mapped. ```javascript function getEventIcon(eventType, severity) { const icons = { 'unauthorized_access': 'shield-x', 'rate_limit_exceeded': 'shield-alert', 'invalid_token': 'key-off', 'suspicious_activity': 'alert-triangle', 'failed_login': 'lock', 'brute_force': 'zap' }; return icons[eventType] || 'shield-alert'; } ``` -------------------------------- ### Initialize Icons on DOM Load Source: https://github.com/loglux/authmcp-gateway/blob/main/src/authmcp_gateway/templates/admin/settings.html Ensures that Lucide icons are created and rendered after the DOM is fully loaded, with a slight delay. ```javascript document.addEventListener('DOMContentLoaded', function() { setTimeout(() => lucide.createIcons(), 100); }); ``` -------------------------------- ### Get Severity Border Color Source: https://github.com/loglux/authmcp-gateway/blob/main/src/authmcp_gateway/templates/admin/security_logs.html Returns a CSS class string for a border color based on severity. Defaults to a gray border for unrecognized severities. ```javascript function getSeverityColor(severity) { const colors = { 'critical': 'border-red-600', 'high': 'border-orange-600', 'medium': 'border-yellow-600', 'low': 'border-green-600' }; return colors[severity] || 'border-gray-600'; } ``` -------------------------------- ### Add Backend MCP Server Source: https://context7.com/loglux/authmcp-gateway/llms.txt Register a new backend MCP server using the Admin API. Requires an administrator token. Ensure 'name', 'url', and 'enabled' are correctly set. ```bash ADMIN_TOKEN="" # Add a backend MCP server curl -s -X POST http://localhost:8000/admin/api/mcp-servers \ -H "Authorization: Bearer $ADMIN_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "name": "rag", "url": "http://rag-mcp-server:8000/mcp", "backend_token": "optional-bearer-token", "tool_prefix": "rag_", "enabled": true }' ``` -------------------------------- ### Get Status Badge HTML Source: https://github.com/loglux/authmcp-gateway/blob/main/src/authmcp_gateway/templates/admin/security_logs.html Generates HTML for status badges based on event type. Provides a quick visual indicator of event status. ```javascript function getStatusBadge(eventType) { const statusMap = { 'unauthorized_access': 'Unauthorized', 'rate_limited': 'Rate Limited', 'suspicious_payload': 'Suspicious', 'auth_failed': 'Auth Failed' }; return statusMap[eventType.toLowerCase()] || ''; } ``` -------------------------------- ### Get Severity Badge HTML Source: https://github.com/loglux/authmcp-gateway/blob/main/src/authmcp_gateway/templates/admin/security_logs.html Generates HTML for severity badges based on the provided severity level. Used for displaying event severity visually. ```javascript function getSeverityBadge(severity) { const badges = { 'critical': '🔴 CRITICAL', 'high': '🟠 HIGH', 'medium': '🟡 MEDIUM', 'low': '🟢 LOW' }; return badges[severity.toLowerCase()] || ''; } ``` -------------------------------- ### Register and Update OAuth Client Source: https://context7.com/loglux/authmcp-gateway/llms.txt Use PUT to update an existing client's redirect URIs. Ensure the Authorization header contains a valid registration token. ```bash curl -s -X PUT http://localhost:8000/oauth/register/clt_abc123 \ -H "Authorization: Bearer reg_tok_xyz" \ -H "Content-Type: application/json" \ -d '{"redirect_uris": ["http://localhost:10101/callback", "http://localhost:10102/callback"]}' ``` -------------------------------- ### Aggregated MCP Endpoint - List Prompts Source: https://context7.com/loglux/authmcp-gateway/llms.txt Lists all available prompts aggregated from all backend servers. ```APIDOC ## POST /mcp - List Prompts ### Description Lists all available prompts, aggregated from all backend servers. ### Method POST ### Endpoint /mcp ### Headers - Authorization: Bearer $ACCESS_TOKEN - Content-Type: application/json ### Request Body - jsonrpc (string) - Specifies the JSON-RPC protocol version. - id (number) - A unique identifier for the request. - method (string) - The method to call, set to "prompts/list". ### Request Example ```json { "jsonrpc": "2.0", "id": 6, "method": "prompts/list" } ``` ``` -------------------------------- ### Initialize and Manage Authentication Logs Source: https://github.com/loglux/authmcp-gateway/blob/main/src/authmcp_gateway/templates/admin/logs.html This JavaScript object handles loading, rendering, and managing authentication logs. It includes functions for loading preferences from localStorage, saving them, fetching logs from the API, and rendering them in the UI. It also manages pagination and error handling. ```javascript function logsManager() { return { logs: [], total: 0, page: 1, filters: { eventType: '', days: '7', limit: 25 }, init() { this.loadPreferences(); this.loadLogs(); }, loadPreferences() { const saved = localStorage.getItem('authLogsPreferences'); if (saved) { try { const prefs = JSON.parse(saved); this.filters = { ...this.filters, ...prefs }; } catch (e) { console.error('Failed to load preferences:', e); } } }, savePreferences() { localStorage.setItem('authLogsPreferences', JSON.stringify(this.filters)); const btn = event.target.closest('button'); const originalText = btn.innerHTML; btn.innerHTML = ' Saved!'; lucide.createIcons(); setTimeout(() => { btn.innerHTML = originalText; lucide.createIcons(); }, 1500); }, async loadLogs(resetPage = false) { if (resetPage) this.page = 1; const offset = (this.page - 1) * this.filters.limit; const params = new URLSearchParams({ limit: this.filters.limit, offset: offset }); if (this.filters.eventType) params.append('event_type', this.filters.eventType); if (this.filters.days) params.append('days', this.filters.days); try { const response = await fetch(`/admin/api/logs?${params}`); const data = await response.json(); this.logs = data.logs; this.total = data.total; this.renderLogs(); } catch (error) { console.error('Failed to load logs:', error); document.getElementById('logsContainer').innerHTML = `

Failed to load logs

`; lucide.createIcons(); } }, renderLogs() { const container = document.getElementById('logsContainer'); if (this.logs.length === 0) { container.innerHTML = '

No logs found

'; return; } container.innerHTML = this.logs.map(log => { const success = log.success; const borderColor = success ? 'border-emerald-500' : 'border-red-500'; const badgeClass = this.getEventBadgeClass(log.event_type); const iconClass = success ? 'text-emerald-600' : 'text-red-600'; const icon = success ? 'check-circle' : 'x-circle'; return `
${log.event_type} ${esc(log.username || 'Unknown')}
${new Date(log.timestamp).toLocaleString()}
${log.ip_address ? `
${esc(log.ip_address)}
` : ''} ${log.details ? `
${esc(log.details)}
` : ''}
`; }).join(''); lucide.createIcons(); }, getEventBadgeClass(eventType) { const classes = { 'login': 'bg-emerald-100 text-emerald-700', 'register': 'bg-blue-100 text-blue-700', 'logout': 'bg-gray-100 text-gray-700', 'failed_login': 'bg-red-100 text-red-700', 'admin_login': 'bg-cyan-100 text-cyan-700', 'mcp_oauth_authorize': 'bg-indigo-100 text-indigo-700', 'mcp_oauth_token': 'bg-purple-100 text-purple-700', 'mcp_oauth_error': 'bg-rose-100 text-rose-700' }; return classes[eventType] || 'bg-gray-100 text-gray-700'; }, async cleanupOldLogs() { if (!confirm('Delete all logs older than 30 days?\n\nThis action cannot be undone!')) { return; } try { const response = await fetch('/admin/api/logs/cleanup', { method: 'POST' }); const data = await response.json(); showToast(`Cleanup complete! Deleted ${data.deleted} old entries.`); this.loadLogs(true); } catch (error) { showToast('Failed to cleanup logs: ' + error.message, 'error'); } }, nextPage() { if (this.page < Math.ceil(this.total / this.filters.limit)) { this.page++; this.loadLogs(); } }, prevPage() { if (this.page > 1) { this.page--; this.loadLogs(); } } } } ``` -------------------------------- ### Get Live MCP Request Feed Source: https://context7.com/loglux/authmcp-gateway/llms.txt Access a real-time feed of recent MCP requests, with an option to limit the number of results. Requires an administrator token. ```bash ADMIN_TOKEN="" # Live MCP request feed (last 100 requests) curl -s "http://localhost:8000/admin/api/mcp-requests?limit=10" \ -H "Authorization: Bearer $ADMIN_TOKEN" ``` -------------------------------- ### Get Dashboard Statistics Source: https://context7.com/loglux/authmcp-gateway/llms.txt Fetch overall gateway statistics, including user counts, active servers, and request/error totals for the day, using the Admin API. ```bash ADMIN_TOKEN="" # Dashboard stats curl -s http://localhost:8000/admin/api/stats \ -H "Authorization: Bearer $ADMIN_TOKEN" ``` -------------------------------- ### Get Aggregated MCP Statistics Source: https://context7.com/loglux/authmcp-gateway/llms.txt Retrieve aggregated MCP statistics, including requests per minute, success rate, and top-used tools, using the Admin API. ```bash ADMIN_TOKEN="" # Aggregated MCP stats (requests/min, success rate, top tools) curl -s http://localhost:8000/admin/api/mcp-stats \ -H "Authorization: Bearer $ADMIN_TOKEN" ``` -------------------------------- ### CLI Commands Source: https://github.com/loglux/authmcp-gateway/blob/main/README.md Available commands for managing the Authmcp-Gateway via the command-line interface. ```APIDOC ## CLI Commands ### Available Commands: ```bash authmcp-gateway start # Start server (default: 0.0.0.0:8000) authmcp-gateway start --port 9000 # Start on custom port authmcp-gateway start --host 127.0.0.1 # Bind to localhost only authmcp-gateway start --env-file custom.env # Use custom config file authmcp-gateway init-db # Initialize database authmcp-gateway create-admin # Create admin user via CLI authmcp-gateway version # Show version authmcp-gateway --help # Show all options ``` ``` -------------------------------- ### Get User's MCP Permissions Source: https://context7.com/loglux/authmcp-gateway/llms.txt Retrieve the MCP server permissions for a specific user using the Admin API. Requires an administrator token and user ID. ```bash ADMIN_TOKEN="" # Get user's MCP permissions curl -s http://localhost:8000/admin/api/users/3/mcp-permissions \ -H "Authorization: Bearer $ADMIN_TOKEN" ```