fix(auth)!: prevent fail-open bypass on generic auth errors#3078
Closed
Deeven-Seru wants to merge 1 commit intogoogleapis:mainfrom
Closed
fix(auth)!: prevent fail-open bypass on generic auth errors#3078Deeven-Seru wants to merge 1 commit intogoogleapis:mainfrom
Deeven-Seru wants to merge 1 commit intogoogleapis:mainfrom
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request updates the mcpAuthMiddleware in internal/server/server.go to handle a wider range of authentication errors by adding a default case for MCPAuthError and a catch-all for unexpected error types. The review identifies a security risk where sensitive internal details could be exposed in 500-level error messages and suggests implementing server-side logging for unexpected errors to improve observability and debugging.
Fixes a critical vulnerability where MCP server middleware failed to safely handle validation errors with http.StatusInternalServerError codes, leading to unauthorized actors bypassing the authentication layer if the external OIDC Authorization Server experiences downtime. Includes: - Fail-closed error handling for all authentication failure codes. - Sanitization of 5xx errors to prevent leaking internal details to clients. - Observability logging for all authentication failures. - Injection of logger into context before middleware execution. Fixes googleapis#3076 🦕
Deeven-Seru
force-pushed
the
fix/auth-bypass-clean
branch
from
616f61b to
4f74f13
Compare
Contributor
|
Hi @Deeven-Seru, closing as it's a duplicate of #3067. Feel free to comment on that PR if you have any feedback/suggestions. Thanks! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Fixes a critical vulnerability where MCP server middleware failed to safely handle validation errors with
http.StatusInternalServerErrorcodes, leading to unauthorized actors bypassing the authentication layer if the external OIDC Authorization Server experiences an outage or DoS.PR Checklist
!if this involves a breaking changeFixes #3076