Gitiles
Code Review Sign In
korap.ids-mannheim.de / KorAP / KorAP-MCP / 90f65218e6f2c0608fdc42af78d000446a20b858^! / . / config / oauth.go
commit90f65218e6f2c0608fdc42af78d000446a20b858[log] [tgz]
authorAkron <nils@diewald-online.de>Thu Jun 12 14:32:55 2025 +0200
committerAkron <nils@diewald-online.de>Thu Jun 12 14:32:55 2025 +0200
tree6a63f3ccf6a1e310e603341a3901654a7b66edb1
Initial minimal mcp server for KorAP

diff --git a/config/oauth.go b/config/oauth.go
new file mode 100644
index 0000000..b015f16
--- /dev/null
+++ b/config/oauth.go

@@ -0,0 +1,83 @@
+package config
+
+import (
+	"fmt"
+
+	"golang.org/x/oauth2"
+)
+
+// OAuthConfig represents OAuth2 configuration for KorAP authentication
+type OAuthConfig struct {
+	// ClientID is the OAuth2 client identifier
+	ClientID string `yaml:"client_id"`
+
+	// ClientSecret is the OAuth2 client secret
+	ClientSecret string `yaml:"client_secret"`
+
+	// AuthURL is the authorization endpoint URL
+	AuthURL string `yaml:"auth_url"`
+
+	// TokenURL is the token endpoint URL
+	TokenURL string `yaml:"token_url"`
+
+	// RedirectURL is the callback URL for authorization code flow
+	RedirectURL string `yaml:"redirect_url"`
+
+	// Scopes are the requested OAuth2 scopes
+	Scopes []string `yaml:"scopes"`
+
+	// Enabled indicates whether OAuth2 authentication is enabled
+	Enabled bool `yaml:"enabled"`
+}
+
+// DefaultOAuthConfig returns a default OAuth2 configuration
+func DefaultOAuthConfig() *OAuthConfig {
+	return &OAuthConfig{
+		AuthURL:     "https://korap.ids-mannheim.de/api/v1.0/oauth2/authorize",
+		TokenURL:    "https://korap.ids-mannheim.de/api/v1.0/oauth2/token",
+		RedirectURL: "urn:ietf:wg:oauth:2.0:oob",
+		Scopes:      []string{"read"},
+		Enabled:     false,
+	}
+}
+
+// ToOAuth2Config converts the config to golang.org/x/oauth2.Config
+func (c *OAuthConfig) ToOAuth2Config() *oauth2.Config {
+	if !c.Enabled {
+		return nil
+	}
+
+	return &oauth2.Config{
+		ClientID:     c.ClientID,
+		ClientSecret: c.ClientSecret,
+		Endpoint: oauth2.Endpoint{
+			AuthURL:  c.AuthURL,
+			TokenURL: c.TokenURL,
+		},
+		RedirectURL: c.RedirectURL,
+		Scopes:      c.Scopes,
+	}
+}
+
+// Validate checks if the OAuth2 configuration is valid
+func (c *OAuthConfig) Validate() error {
+	if !c.Enabled {
+		return nil
+	}
+
+	if c.ClientID == "" {
+		return fmt.Errorf("oauth2 client_id is required when authentication is enabled")
+	}
+
+	if c.ClientSecret == "" {
+		return fmt.Errorf("oauth2 client_secret is required when authentication is enabled")
+	}
+
+	if c.TokenURL == "" {
+		return fmt.Errorf("oauth2 token_url is required when authentication is enabled")
+	}
+
+	// AuthURL is only required for authorization code flow, not client credentials
+
+	return nil
+}