🐛 fix(mcp): validate Google ID token signature in OAuth callback

Previously the MCP OAuth callback read Google ID token claims without
verifying the token signature, allowing a crafted JWT to bypass
authentication. Now validates the token against Google's JWKS public
keys with issuer, audience, and lifetime checks.

Also updates test constructors to match new MessageRouter and
EmbedService signatures.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: 239573049

src/OpenDeepWiki/MCP/McpOAuthServer.cs

@@ -5,6 +5,9 @@
 using System.Text.Json;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Options;
+using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Microsoft.IdentityModel.Tokens;
 using OpenDeepWiki.EFCore;
 using OpenDeepWiki.Entities;
 using OpenDeepWiki.Services.Auth;
@@ -24,6 +27,7 @@ public class McpOAuthServer
     private readonly ILogger<McpOAuthServer> _logger;
     private readonly string _googleClientId;
     private readonly string _googleClientSecret;
+    private readonly ConfigurationManager<OpenIdConnectConfiguration> _googleOidcConfigManager;
 
     // In-memory stores for OAuth state (short-lived, lost on restart = clients re-auth)
     private static readonly ConcurrentDictionary<string, PendingAuthorization> PendingAuthorizations = new();
@@ -57,6 +61,12 @@ public McpOAuthServer(
                               ?? configuration["Google:ClientSecret"]
                               ?? throw new InvalidOperationException(
                                   "GOOGLE_CLIENT_SECRET is required for MCP OAuth authorization server");
+
+        // Initialize Google OIDC configuration manager for ID token signature validation
+        _googleOidcConfigManager = new ConfigurationManager<OpenIdConnectConfiguration>(
+            "https://accounts.google.com/.well-known/openid-configuration",
+            new OpenIdConnectConfigurationRetriever(),
+            new HttpDocumentRetriever(httpClientFactory.CreateClient()));
     }
 
     /// <summary>
@@ -211,18 +221,47 @@ public async Task<IResult> HandleCallback(HttpContext context)
         var tokenJson = await tokenResponse.Content.ReadAsStringAsync();
         var tokenData = JsonSerializer.Deserialize<JsonElement>(tokenJson);
 
-        // Extract user info from the ID token
+        // Validate and extract user info from the Google ID token
         var idToken = tokenData.GetProperty("id_token").GetString();
         if (string.IsNullOrEmpty(idToken))
         {
             _logger.LogError("MCP OAuth callback: no id_token in Google response");
             return Results.BadRequest(new { error = "server_error", error_description = "No ID token from Google" });
         }
 
+        // Validate Google ID token signature using Google's JWKS public keys
         var handler = new JwtSecurityTokenHandler();
-        var jwt = handler.ReadJwtToken(idToken);
-        var email = jwt.Claims.FirstOrDefault(c => c.Type == "email")?.Value;
-        var name = jwt.Claims.FirstOrDefault(c => c.Type == "name")?.Value ?? email;
+        var oidcConfig = await _googleOidcConfigManager.GetConfigurationAsync(CancellationToken.None);
+        var validationParameters = new TokenValidationParameters
+        {
+            ValidateIssuer = true,
+            ValidIssuers = new[] { "https://accounts.google.com", "accounts.google.com" },
+            ValidateAudience = true,
+            ValidAudience = _googleClientId,
+            ValidateLifetime = true,
+            ValidateIssuerSigningKey = true,
+            IssuerSigningKeys = oidcConfig.SigningKeys,
+        };
+
+        TokenValidationResult validationResult;
+        try
+        {
+            validationResult = await handler.ValidateTokenAsync(idToken, validationParameters);
+        }
+        catch (Exception ex)
+        {
+            _logger.LogError(ex, "MCP OAuth callback: Google ID token validation failed");
+            return Results.BadRequest(new { error = "server_error", error_description = "ID token validation failed" });
+        }
+
+        if (!validationResult.IsValid)
+        {
+            _logger.LogError("MCP OAuth callback: Google ID token is invalid: {Exception}", validationResult.Exception?.Message);
+            return Results.BadRequest(new { error = "server_error", error_description = "ID token validation failed" });
+        }
+
+        var email = validationResult.ClaimsIdentity.FindFirst("email")?.Value;
+        var name = validationResult.ClaimsIdentity.FindFirst("name")?.Value ?? email;
 
         if (string.IsNullOrEmpty(email))
         {

tests/OpenDeepWiki.Tests/Chat/Providers/ProviderEnableDisablePropertyTests.cs

@@ -112,7 +112,7 @@ public Property DisabledProvider_ShouldNotProcessMessagesViaRouter()
             count =>
             {
                 var logger = NullLogger<MessageRouter>.Instance;
-                var router = new MessageRouter(logger);
+                var router = new MessageRouter(logger, null!);
                 var platforms = Enumerable.Range(1, count)
                     .Select(i => $"platform_{i}")
                     .ToList();

tests/OpenDeepWiki.Tests/Chat/Routing/ProviderRoutingPropertyTests.cs

@@ -2,6 +2,7 @@
 using FsCheck.Fluent;
 using FsCheck.Xunit;
 using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Logging.Abstractions;
 using OpenDeepWiki.Chat.Abstractions;
@@ -59,7 +60,7 @@ public Property MessageShouldBeRoutedToMatchingProvider()
             GeneratePlatformCount().ToArbitrary(),
             count =>
             {
-                var router = new MessageRouter(_logger);
+                var router = new MessageRouter(_logger, null!);
                 var platforms = Enumerable.Range(1, count)
                     .Select(i => $"platform_{i}")
                     .ToList();
@@ -94,7 +95,7 @@ public Property RegisteredProviderCountShouldMatch()
             GeneratePlatformCount().ToArbitrary(),
             count =>
             {
-                var router = new MessageRouter(_logger);
+                var router = new MessageRouter(_logger, null!);
                 var platforms = Enumerable.Range(1, count)
                     .Select(i => $"platform_{i}")
                     .ToList();
@@ -122,7 +123,7 @@ public Property UnregisteredPlatformShouldReturnNull()
             GenerateUniquePlatformId().ToArbitrary(),
             (count, unregisteredPlatform) =>
             {
-                var router = new MessageRouter(_logger);
+                var router = new MessageRouter(_logger, null!);
                 var platforms = Enumerable.Range(1, count)
                     .Select(i => $"registered_{i}")
                     .ToList();
@@ -154,7 +155,7 @@ public Property HasProviderShouldBeConsistentWithGetProvider()
             GenerateValidPlatform().ToArbitrary(),
             (count, queryPlatform) =>
             {
-                var router = new MessageRouter(_logger);
+                var router = new MessageRouter(_logger, null!);
                 var platforms = Enumerable.Range(1, count)
                     .Select(i => $"platform_{i}")
                     .ToList();
@@ -183,7 +184,7 @@ public Property UnregisteredProviderShouldNotBeAccessible()
             GeneratePlatformCount().ToArbitrary(),
             count =>
             {
-                var router = new MessageRouter(_logger);
+                var router = new MessageRouter(_logger, null!);
                 var platforms = Enumerable.Range(1, count)
                     .Select(i => $"platform_{i}")
                     .ToList();
@@ -217,7 +218,7 @@ public Property DuplicateRegistrationShouldUpdateProvider()
             GenerateUniquePlatformId().ToArbitrary(),
             platformId =>
             {
-                var router = new MessageRouter(_logger);
+                var router = new MessageRouter(_logger, null!);
 
                 // 注册第一个 Provider
                 var provider1 = CreateTestProvider(platformId, "Provider 1");
@@ -242,7 +243,7 @@ public Property DuplicateRegistrationShouldUpdateProvider()
     [Fact]
     public void PlatformIdMatching_ShouldBeCaseInsensitive()
     {
-        var router = new MessageRouter(_logger);
+        var router = new MessageRouter(_logger, null!);
 
         // 注册小写平台
         var provider = CreateTestProvider("feishu", "Feishu Provider");
@@ -270,7 +271,7 @@ public void PlatformIdMatching_ShouldBeCaseInsensitive()
     [InlineData("   ")]
     public void EmptyPlatformId_ShouldReturnNull(string? platformId)
     {
-        var router = new MessageRouter(_logger);
+        var router = new MessageRouter(_logger, null!);
 
         var result = router.GetProvider(platformId!);
 

tests/OpenDeepWiki.Tests/Services/Chat/EmbedServiceAppConfigPropertyTests.cs

@@ -5,6 +5,7 @@
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Logging.Abstractions;
 using Microsoft.Extensions.Options;
+using OpenDeepWiki.Agents;
 using OpenDeepWiki.EFCore;
 using OpenDeepWiki.Entities;
 using OpenDeepWiki.Services.Chat;
@@ -55,7 +56,7 @@ public Property GetAppConfig_ShouldReturnCorrectAppName()
                 var statsService = new AppStatisticsService(context, StatsLogger);
                 var logService = new ChatLogService(context, LogLogger);
                 var embedService = new EmbedService(
-                    context, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
+                    context, null!, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
 
                 // Create app
                 var app = chatAppService.CreateAppAsync("user1", new CreateChatAppDto
@@ -94,7 +95,7 @@ public Property GetAppConfig_ShouldReturnCorrectAvailableModels()
                 var statsService = new AppStatisticsService(context, StatsLogger);
                 var logService = new ChatLogService(context, LogLogger);
                 var embedService = new EmbedService(
-                    context, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
+                    context, null!, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
 
                 // Create app with specific models
                 var app = chatAppService.CreateAppAsync("user1", new CreateChatAppDto
@@ -137,7 +138,7 @@ public Property GetAppConfig_ShouldReturnCorrectDefaultModel()
                 var statsService = new AppStatisticsService(context, StatsLogger);
                 var logService = new ChatLogService(context, LogLogger);
                 var embedService = new EmbedService(
-                    context, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
+                    context, null!, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
 
                 // Create app with specific default model
                 var app = chatAppService.CreateAppAsync("user1", new CreateChatAppDto
@@ -177,7 +178,7 @@ public Property GetAppConfig_ShouldReturnCorrectIconUrl()
                 var statsService = new AppStatisticsService(context, StatsLogger);
                 var logService = new ChatLogService(context, LogLogger);
                 var embedService = new EmbedService(
-                    context, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
+                    context, null!, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
 
                 // Create app with icon
                 var app = chatAppService.CreateAppAsync("user1", new CreateChatAppDto
@@ -255,7 +256,7 @@ public Property UpdateApp_ShouldReflectChanges()
                 var statsService = new AppStatisticsService(context, StatsLogger);
                 var logService = new ChatLogService(context, LogLogger);
                 var embedService = new EmbedService(
-                    context, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
+                    context, null!, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
 
                 // Create app
                 var app = chatAppService.CreateAppAsync("user1", new CreateChatAppDto
@@ -301,7 +302,7 @@ public Property GetAppConfig_WithDomainValidation_ShouldValidateCorrectly()
                 var statsService = new AppStatisticsService(context, StatsLogger);
                 var logService = new ChatLogService(context, LogLogger);
                 var embedService = new EmbedService(
-                    context, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
+                    context, null!, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
 
                 // Create app with domain validation
                 var app = chatAppService.CreateAppAsync("user1", new CreateChatAppDto

tests/OpenDeepWiki.Tests/Services/Chat/EmbedServiceSecurityPropertyTests.cs

@@ -10,6 +10,7 @@
 using OpenDeepWiki.Services.Chat;
 using OpenDeepWiki.Services.Repositories;
 
+
 namespace OpenDeepWiki.Tests.Services.Chat;
 
 /// <summary>
@@ -54,7 +55,7 @@ public Property InvalidAppId_ShouldBeRejected()
                 var statsService = new AppStatisticsService(context, StatsLogger);
                 var logService = new ChatLogService(context, LogLogger);
                 var embedService = new EmbedService(
-                    context, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
+                    context, null!, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
 
                 var (isValid, errorCode, _) = embedService.ValidateAppAsync(invalidAppId)
                     .GetAwaiter().GetResult();
@@ -81,7 +82,7 @@ public Property ValidAppId_ShouldBeAccepted()
                 var statsService = new AppStatisticsService(context, StatsLogger);
                 var logService = new ChatLogService(context, LogLogger);
                 var embedService = new EmbedService(
-                    context, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
+                    context, null!, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
 
                 // Create a valid app
                 var app = chatAppService.CreateAppAsync("user1", new CreateChatAppDto
@@ -118,7 +119,7 @@ public Property InactiveApp_ShouldBeRejected()
                 var statsService = new AppStatisticsService(context, StatsLogger);
                 var logService = new ChatLogService(context, LogLogger);
                 var embedService = new EmbedService(
-                    context, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
+                    context, null!, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
 
                 // Create and then deactivate the app
                 var app = chatAppService.CreateAppAsync("user1", new CreateChatAppDto
@@ -160,7 +161,7 @@ public Property AppWithoutApiKey_ShouldBeRejected()
                 var statsService = new AppStatisticsService(context, StatsLogger);
                 var logService = new ChatLogService(context, LogLogger);
                 var embedService = new EmbedService(
-                    context, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
+                    context, null!, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
 
                 // Create app without API key
                 var app = chatAppService.CreateAppAsync("user1", new CreateChatAppDto
@@ -205,7 +206,7 @@ public Property DomainValidationEnabled_NonAllowedDomain_ShouldBeRejected()
                 var statsService = new AppStatisticsService(context, StatsLogger);
                 var logService = new ChatLogService(context, LogLogger);
                 var embedService = new EmbedService(
-                    context, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
+                    context, null!, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
 
                 // Create app with domain validation enabled
                 var app = chatAppService.CreateAppAsync("user1", new CreateChatAppDto
@@ -244,7 +245,7 @@ public Property DomainValidationEnabled_AllowedDomain_ShouldBeAccepted()
                 var statsService = new AppStatisticsService(context, StatsLogger);
                 var logService = new ChatLogService(context, LogLogger);
                 var embedService = new EmbedService(
-                    context, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
+                    context, null!, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
 
                 // Create app with domain validation enabled
                 var app = chatAppService.CreateAppAsync("user1", new CreateChatAppDto
@@ -283,7 +284,7 @@ public Property DomainValidationDisabled_AnyDomain_ShouldBeAccepted()
                 var statsService = new AppStatisticsService(context, StatsLogger);
                 var logService = new ChatLogService(context, LogLogger);
                 var embedService = new EmbedService(
-                    context, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
+                    context, null!, chatAppService, statsService, logService, null!, RepoOptions, EmbedLogger);
 
                 // Create app with domain validation disabled
                 var app = chatAppService.CreateAppAsync("user1", new CreateChatAppDto