Replies: 2 comments
-
|
Fine-grained RBAC / OAuth, etc. is part of the roadmap https://ibm.github.io/mcp-context-forge/architecture/roadmap/#authentication-authorization-security-identity - would welcome your thoughts! |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Please check out:
And let me know if these 2 would resolve the issue. Please add any comments, suggested test scenarios or ideas to #208 or #283 Thanks! |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Question: Application-Level AuthN/AuthZ Support via MCP (Backend Only)
Is authentication and authorization (AuthN/AuthZ) implemented for the backend apps as part of this project specifically for MCP clients, not the mcp-context-forge UI?
Context:
Consider a CRM scenario with two users. Normally, we expect user-level access controls—each user can only view or modify their own records, except for explicitly shared ones. If both users now access the same CRM through MCP, can the same level of granular, application-level AuthN/AuthZ still be enforced? In other words, does mcp-context-forge allow preserving the original backend access controls as if the users were interacting with the CRM directly?
Original.
Beta Was this translation helpful? Give feedback.
All reactions