googleapis
diff --git a/‎docs/en/documentation/configuration/authentication/_index.md‎
Lines changed: 12 additions & 17 deletions b/‎docs/en/documentation/configuration/authentication/_index.md‎
Lines changed: 12 additions & 17 deletions
diff --git a/‎docs/en/documentation/configuration/authentication/generic.md‎
Lines changed: 23 additions & 0 deletions b/‎docs/en/documentation/configuration/authentication/generic.md‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎docs/en/documentation/configuration/tools/_index.md‎
Lines changed: 7 additions & 2 deletions b/‎docs/en/documentation/configuration/tools/_index.md‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎internal/auth/generic/generic.go‎
Lines changed: 70 additions & 34 deletions b/‎internal/auth/generic/generic.go‎
Lines changed: 70 additions & 34 deletions
@@ -6,19 +6,18 @@ description: >
   AuthServices represent services that handle authentication and authorization.
 ---
 
-AuthServices represent services that handle authentication and authorization. It
-can primarily be used by [Tools](../tools/_index.md) in two different ways:
+AuthServices represent services that handle authentication and authorization. They support two distinct modes of operation:
 
-- [**Authorized Invocation**][auth-invoke] is when a tool
-  is validated by the auth service before the call can be invoked. Toolbox
-  will reject any calls that fail to validate or have an invalid token.
-- [**Authenticated Parameters**][auth-params] replace the value of a parameter
-  with a field from an [OIDC][openid-claims] claim. Toolbox will automatically
-  resolve the ID token provided by the client and replace the parameter in the
-  tool call.
+### 1. Toolbox Native Authorization
+Used for specific tools to enforce authorization or resolve parameters:
+- [**Authorized Invocation**][auth-invoke]: A tool is validated by the auth service before it can be invoked. Toolbox will reject any calls that fail to validate or have an invalid token.
+- [**Authenticated Parameters**][auth-params]: Replaces the value of a parameter with a field from an [OIDC][openid-claims] claim. Toolbox will automatically resolve the ID token provided by the client and replace the parameter in the tool call.
+
+### 2. MCP Authorization
+Used to secure the entire MCP server. The Model Context Protocol supports [MCP Authorization](https://modelcontextprotocol.io/docs/tutorials/security/authorization) to secure interactions between clients and servers. When enabled, all MCP endpoints require a valid token, and you can enforce granular tool-level scope authorization. **Note that this mode is currently only supported when using the `generic` auth service type.**
 
 [openid-claims]: https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
-[auth-invoke]: ../tools/_index.md#authorized-invocations
+[auth-invoke]: ../tools/_index.md#authorized-invocations-toolbox-native-authorization
 [auth-params]: ../tools/_index.md#authenticated-parameters
 
 ## Example
@@ -48,13 +47,9 @@ Use environment variable replacement with the format ${ENV_NAME}
 instead of hardcoding your secrets into the configuration file.
 {{< /notice >}}
 
-After you've configured an `authService` you'll, need to reference it in the
-configuration for each tool that should use it:
-
-- **Authorized Invocations** for authorizing a tool call, [use the
-  `authRequired` field in a tool config][auth-invoke]
-- **Authenticated Parameters** for using the value from a OIDC claim, [use the
-  `authService` field in a parameter config][auth-params]
+After you've configured an `authService`, you can use it:
+- For **Toolbox Native Authorization** by referencing it in your tool configuration (using `authRequired` or `authService` in parameters).
+- For **MCP Authorization** by setting `mcpEnabled: true` in the auth service configuration to secure the entire server.
 
 ## Specifying ID Tokens from Clients
 
 
@@ -158,6 +158,29 @@ scopesRequired:
 > [!NOTE]
 > If you are using Okta's Org Authorization Server (instead of a Custom Authorization Server), your `authorizationServer` URL will be `https://your-subdomain.okta.com`.
 
+#### Tool-Level Scopes
+
+When using MCP Authorization (with `mcpEnabled: true` in the auth service), you can enforce granular tool-level scope authorization by specifying the `scopesRequired` field in the tool configuration.
+
+This ensures that a client can only invoke the tool if their authorization token contains all the specified scopes.
+
+```yaml
+kind: tool
+name: update_flight_status
+type: postgres-sql
+source: my-pg-instance
+statement: |
+  UPDATE flights SET status = $1 WHERE flight_number = $2
+description: Update flight status
+authRequired:
+  - my-generic-auth
+scopesRequired:
+  - execute:sql
+  - write:flights
+```
+
+If a client attempts to invoke this tool without the required scopes, the server will return an HTTP 403 Forbidden response with a `WWW-Authenticate` header challenge indicating the missing scopes, as per the MCP Auth specification.
+
 {{< notice tip >}} Use environment variable replacement with the format
 ${ENV_NAME} instead of hardcoding your secrets into the configuration file.
 {{< /notice >}}
 
@@ -260,7 +260,13 @@ templateParameters:
 | excludedValues |     []string     |      false      | Input value will be checked against this field. Regex is also supported.            |
 | items          | parameter object | true (if array) | Specify a Parameter object for the type of the values in the array (string only).   |
 
-## Authorized Invocations
+## Tool-Level Scopes (MCP Authorization)
+
+The Model Context Protocol supports [MCP Authorization](https://modelcontextprotocol.io/docs/tutorials/security/authorization) to secure interactions between clients and servers. When using MCP Authorization in Toolbox, you can enforce granular tool-level scope authorization by specifying the `scopesRequired` field in the tool configuration.
+
+For detailed information on how to configure this and examples, please see the [Generic OIDC Auth](../authentication/generic.md#tool-level-scopes) documentation.
+
+## Authorized Invocations (Toolbox Native Authorization)
 
 You can require an authorization check for any Tool invocation request by
 specifying an `authRequired` field. Specify a list of
@@ -279,7 +285,6 @@ authRequired:
   - other-auth-service
 ```
 
-
 ## Tool Annotations
 
 Tool annotations provide semantic metadata that helps MCP clients understand tool
 
@@ -59,7 +59,7 @@ func (cfg Config) Initialize() (auth.AuthService, error) {
 	httpClient := newSecureHTTPClient()
 
 	// Discover OIDC endpoints
-	jwksURL, introspectionURL, err := discoverOIDCConfig(httpClient, cfg.AuthorizationServer)
+	jwksURL, introspectionURL, issuer, err := discoverOIDCConfig(httpClient, cfg.AuthorizationServer)
 	if err != nil {
 		return nil, fmt.Errorf("failed to discover OIDC config: %w", err)
 	}
@@ -80,6 +80,7 @@ func (cfg Config) Initialize() (auth.AuthService, error) {
 		kf:               kf,
 		client:           httpClient,
 		introspectionURL: introspectionURL,
+		issuer:           issuer,
 	}
 	return a, nil
 }
@@ -100,58 +101,59 @@ func newSecureHTTPClient() *http.Client {
 	}
 }
 
-func discoverOIDCConfig(client *http.Client, AuthorizationServer string) (jwksURI string, introspectionEndpoint string, err error) {
+func discoverOIDCConfig(client *http.Client, AuthorizationServer string) (jwksURI string, introspectionEndpoint string, issuer string, err error) {
 	u, err := url.Parse(AuthorizationServer)
 	if err != nil {
-		return "", "", fmt.Errorf("invalid auth URL")
+		return "", "", "", fmt.Errorf("invalid auth URL")
 	}
 	if u.Scheme != "https" {
 		log.Printf("WARNING: HTTP instead of HTTPS is being used for AuthorizationServer: %s", AuthorizationServer)
 	}
 
 	oidcConfigURL, err := url.JoinPath(AuthorizationServer, ".well-known/openid-configuration")
 	if err != nil {
-		return "", "", err
+		return "", "", "", err
 	}
 
 	resp, err := client.Get(oidcConfigURL)
 	if err != nil {
-		return "", "", fmt.Errorf("failed to fetch OIDC config: %w", err)
+		return "", "", "", fmt.Errorf("failed to fetch OIDC config: %w", err)
 	}
 	defer resp.Body.Close()
 
 	if resp.StatusCode != http.StatusOK {
-		return "", "", fmt.Errorf("unexpected status: %d", resp.StatusCode)
+		return "", "", "", fmt.Errorf("unexpected status: %d", resp.StatusCode)
 	}
 
 	// Limit read size to 1MB to prevent memory exhaustion
 	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
 	if err != nil {
-		return "", "", err
+		return "", "", "", err
 	}
 
 	var config struct {
+		Issuer                string `json:"issuer"`
 		JwksUri               string `json:"jwks_uri"`
 		IntrospectionEndpoint string `json:"introspection_endpoint"`
 	}
 	if err := json.Unmarshal(body, &config); err != nil {
-		return "", "", err
+		return "", "", "", err
 	}
 
 	if config.JwksUri == "" {
-		return "", "", fmt.Errorf("jwks_uri not found in config")
+		return "", "", "", fmt.Errorf("jwks_uri not found in config")
 	}
 
 	// Sanitize the resulting JWKS URI before returning it
 	parsedJWKS, err := url.Parse(config.JwksUri)
 	if err != nil {
-		return "", "", fmt.Errorf("invalid jwks_uri detected")
+		return "", "", "", fmt.Errorf("invalid jwks_uri detected")
 	}
 	if parsedJWKS.Scheme != "https" {
 		log.Printf("WARNING: HTTP instead of HTTPS is being used for JWKS URI: %s", config.JwksUri)
 	}
 
-	return config.JwksUri, config.IntrospectionEndpoint, nil
+	return config.JwksUri, config.IntrospectionEndpoint, config.Issuer, nil
 }
 
 var _ auth.AuthService = AuthService{}
@@ -162,6 +164,7 @@ type AuthService struct {
 	kf               keyfunc.Keyfunc
 	client           *http.Client
 	introspectionURL string
+	issuer           string
 }
 
 // Returns the auth service type
@@ -235,15 +238,15 @@ type MCPAuthError struct {
 func (e *MCPAuthError) Error() string { return e.Message }
 
 // ValidateMCPAuth handles MCP auth token validation
-func (a AuthService) ValidateMCPAuth(ctx context.Context, h http.Header) error {
+func (a AuthService) ValidateMCPAuth(ctx context.Context, h http.Header) (map[string]any, error) {
 	tokenString := h.Get("Authorization")
 	if tokenString == "" {
-		return &MCPAuthError{Code: http.StatusUnauthorized, Message: "missing access token", ScopesRequired: a.ScopesRequired}
+		return nil, &MCPAuthError{Code: http.StatusUnauthorized, Message: "missing access token", ScopesRequired: a.ScopesRequired}
 	}
 
 	headerParts := strings.Split(tokenString, " ")
 	if len(headerParts) != 2 || strings.ToLower(headerParts[0]) != "bearer" {
-		return &MCPAuthError{Code: http.StatusUnauthorized, Message: "authorization header must be in the format 'Bearer <token>'", ScopesRequired: a.ScopesRequired}
+		return nil, &MCPAuthError{Code: http.StatusUnauthorized, Message: "authorization header must be in the format 'Bearer <token>'", ScopesRequired: a.ScopesRequired}
 	}
 
 	tokenStr := headerParts[1]
@@ -259,40 +262,53 @@ func isJWTFormat(token string) bool {
 }
 
 // validateJwtToken validates a JWT token locally
-func (a AuthService) validateJwtToken(ctx context.Context, tokenStr string) error {
+func (a AuthService) validateJwtToken(ctx context.Context, tokenStr string) (map[string]any, error) {
 	token, err := jwt.Parse(tokenStr, a.kf.Keyfunc)
 	if err != nil || !token.Valid {
-		return &MCPAuthError{Code: http.StatusUnauthorized, Message: "invalid or expired token", ScopesRequired: a.ScopesRequired}
+		return nil, &MCPAuthError{Code: http.StatusUnauthorized, Message: "invalid or expired token", ScopesRequired: a.ScopesRequired}
 	}
 
 	claims, ok := token.Claims.(jwt.MapClaims)
 	if !ok {
-		return &MCPAuthError{Code: http.StatusUnauthorized, Message: "invalid JWT claims format", ScopesRequired: a.ScopesRequired}
+		return nil, &MCPAuthError{Code: http.StatusUnauthorized, Message: "invalid JWT claims format", ScopesRequired: a.ScopesRequired}
+	}
+
+	// Validate issuer
+	iss, err := claims.GetIssuer()
+	if err != nil {
+		return nil, &MCPAuthError{Code: http.StatusUnauthorized, Message: "could not parse issuer from token", ScopesRequired: a.ScopesRequired}
+	}
+	if iss == "" {
+		return nil, &MCPAuthError{Code: http.StatusUnauthorized, Message: "missing issuer claim in token", ScopesRequired: a.ScopesRequired}
 	}
 
 	// Validate audience
 	aud, err := claims.GetAudience()
 	if err != nil {
-		return &MCPAuthError{Code: http.StatusUnauthorized, Message: "could not parse audience from token", ScopesRequired: a.ScopesRequired}
+		return nil, &MCPAuthError{Code: http.StatusUnauthorized, Message: "could not parse audience from token", ScopesRequired: a.ScopesRequired}
 	}
 
 	scopeClaim, _ := claims["scope"].(string)
 
-	return a.validateClaims(ctx, aud, scopeClaim)
+	err = a.validateClaims(ctx, iss, aud, scopeClaim)
+	if err != nil {
+		return nil, err
+	}
+	return claims, nil
 }
 
 // validateOpaqueToken validates an opaque token by calling the introspection endpoint
-func (a AuthService) validateOpaqueToken(ctx context.Context, tokenStr string) error {
+func (a AuthService) validateOpaqueToken(ctx context.Context, tokenStr string) (map[string]any, error) {
 	logger, err := util.LoggerFromContext(ctx)
 	if err != nil {
-		return fmt.Errorf("failed to get logger from context: %w", err)
+		return nil, fmt.Errorf("failed to get logger from context: %w", err)
 	}
 
 	introspectionURL := a.introspectionURL
 	if introspectionURL == "" {
 		introspectionURL, err = url.JoinPath(a.AuthorizationServer, "introspect")
 		if err != nil {
-			return fmt.Errorf("failed to construct introspection URL: %w", err)
+			return nil, fmt.Errorf("failed to construct introspection URL: %w", err)
 		}
 	}
 
@@ -305,21 +321,21 @@ func (a AuthService) validateOpaqueToken(ctx context.Context, tokenStr string) e
 	if a.IntrospectionMethod == "GET" {
 		u, err := url.Parse(introspectionURL)
 		if err != nil {
-			return fmt.Errorf("failed to parse introspection URL: %w", err)
+			return nil, fmt.Errorf("failed to parse introspection URL: %w", err)
 		}
 		q := u.Query()
 		q.Set(paramName, tokenStr)
 		u.RawQuery = q.Encode()
 		req, err = http.NewRequestWithContext(ctx, "GET", u.String(), nil)
 		if err != nil {
-			return fmt.Errorf("failed to create introspection request: %w", err)
+			return nil, fmt.Errorf("failed to create introspection request: %w", err)
 		}
 	} else {
 		data := url.Values{}
 		data.Set(paramName, tokenStr)
 		req, err = http.NewRequestWithContext(ctx, "POST", introspectionURL, strings.NewReader(data.Encode()))
 		if err != nil {
-			return fmt.Errorf("failed to create introspection request: %w", err)
+			return nil, fmt.Errorf("failed to create introspection request: %w", err)
 		}
 		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	}
@@ -329,18 +345,18 @@ func (a AuthService) validateOpaqueToken(ctx context.Context, tokenStr string) e
 	resp, err := a.client.Do(req)
 	if err != nil {
 		logger.ErrorContext(ctx, "failed to call introspection endpoint: %v", err)
-		return &MCPAuthError{Code: http.StatusInternalServerError, Message: fmt.Sprintf("failed to call introspection endpoint: %v", err), ScopesRequired: a.ScopesRequired}
+		return nil, &MCPAuthError{Code: http.StatusInternalServerError, Message: fmt.Sprintf("failed to call introspection endpoint: %v", err), ScopesRequired: a.ScopesRequired}
 	}
 	defer resp.Body.Close()
 
 	if resp.StatusCode != http.StatusOK {
 		logger.WarnContext(ctx, "introspection failed with status: %d", resp.StatusCode)
-		return &MCPAuthError{Code: http.StatusUnauthorized, Message: fmt.Sprintf("introspection failed with status: %d", resp.StatusCode), ScopesRequired: a.ScopesRequired}
+		return nil, &MCPAuthError{Code: http.StatusUnauthorized, Message: fmt.Sprintf("introspection failed with status: %d", resp.StatusCode), ScopesRequired: a.ScopesRequired}
 	}
 
 	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20))
 	if err != nil {
-		return fmt.Errorf("failed to read introspection response: %w", err)
+		return nil, fmt.Errorf("failed to read introspection response: %w", err)
 	}
 
 	var introspectResp struct {
@@ -349,22 +365,23 @@ func (a AuthService) validateOpaqueToken(ctx context.Context, tokenStr string) e
 		Aud      json.RawMessage `json:"aud"`
 		Audience json.RawMessage `json:"audience"`
 		Exp      int64           `json:"exp"`
+		Iss      string          `json:"iss"`
 	}
 
 	if err := json.Unmarshal(body, &introspectResp); err != nil {
-		return fmt.Errorf("failed to parse introspection response: %w", err)
+		return nil, fmt.Errorf("failed to parse introspection response: %w", err)
 	}
 
 	if introspectResp.Active != nil && !*introspectResp.Active {
 		logger.InfoContext(ctx, "token is not active")
-		return &MCPAuthError{Code: http.StatusUnauthorized, Message: "token is not active", ScopesRequired: a.ScopesRequired}
+		return nil, &MCPAuthError{Code: http.StatusUnauthorized, Message: "token is not active", ScopesRequired: a.ScopesRequired}
 	}
 
 	// Verify expiration (with 1 minute leeway)
 	const leeway = 60
 	if introspectResp.Exp > 0 && time.Now().Unix() > (introspectResp.Exp+leeway) {
 		logger.WarnContext(ctx, "token has expired: exp=%d, now=%d", introspectResp.Exp, time.Now().Unix())
-		return &MCPAuthError{Code: http.StatusUnauthorized, Message: "token has expired", ScopesRequired: a.ScopesRequired}
+		return nil, &MCPAuthError{Code: http.StatusUnauthorized, Message: "token has expired", ScopesRequired: a.ScopesRequired}
 	}
 
 	// Extract audience
@@ -385,20 +402,39 @@ func (a AuthService) validateOpaqueToken(ctx context.Context, tokenStr string) e
 			aud = audArr
 		} else {
 			logger.WarnContext(ctx, "failed to parse aud or audience claim in introspection response")
-			return &MCPAuthError{Code: http.StatusUnauthorized, Message: "invalid aud claim", ScopesRequired: a.ScopesRequired}
+			return nil, &MCPAuthError{Code: http.StatusUnauthorized, Message: "invalid aud claim", ScopesRequired: a.ScopesRequired}
 		}
 	}
 
-	return a.validateClaims(ctx, aud, introspectResp.Scope)
+	err = a.validateClaims(ctx, introspectResp.Iss, aud, introspectResp.Scope)
+	if err != nil {
+		return nil, err
+	}
+	claims := map[string]any{
+		"active": introspectResp.Active,
+		"scope":  introspectResp.Scope,
+		"aud":    aud,
+		"exp":    introspectResp.Exp,
+		"iss":    introspectResp.Iss,
+	}
+	return claims, nil
 }
 
 // validateClaims validates the audience and scopes of a token
-func (a AuthService) validateClaims(ctx context.Context, aud []string, scopeStr string) error {
+func (a AuthService) validateClaims(ctx context.Context, iss string, aud []string, scopeStr string) error {
 	logger, err := util.LoggerFromContext(ctx)
 	if err != nil {
 		return fmt.Errorf("failed to get logger from context: %w", err)
 	}
 
+	// Validate issuer
+	if a.issuer != "" && iss != "" {
+		if iss != a.issuer {
+			logger.WarnContext(ctx, "issuer validation failed: expected %s, got %s", a.issuer, iss)
+			return &MCPAuthError{Code: http.StatusUnauthorized, Message: "issuer validation failed", ScopesRequired: a.ScopesRequired}
+		}
+	}
+
 	// Validate audience
 	if a.Audience != "" {
 		isAudValid := false