├── .github └── workflows │ ├── ci-linux.yaml │ ├── containers.yaml │ ├── govulncheck.yaml │ └── release.yaml ├── .gitignore ├── .goreleaser.yaml ├── Dockerfile ├── LICENSE ├── Makefile ├── README.md ├── cmd └── verifier │ ├── README.md │ └── verifier.go ├── docs └── proxmox │ ├── README.md │ ├── add-group-permission.png │ ├── add-oidc-client.png │ ├── configure-realm.png │ ├── create-lxc.png │ ├── create-realm.png │ ├── login-using-tailscale-realm.png │ └── tsidp-multiple-uri-redirects.png ├── examples ├── mcp-gateway │ ├── README.md │ ├── client │ │ ├── mcp_oauth_client │ │ │ ├── __init__.py │ │ │ ├── auth.py │ │ │ ├── main.py │ │ │ └── storage.py │ │ ├── pyproject.toml │ │ └── uv.lock │ ├── gateway │ │ ├── mcp_auth_gateway │ │ │ ├── __init__.py │ │ │ ├── auth_interceptor.py │ │ │ ├── gateway.py │ │ │ ├── logging.py │ │ │ ├── main.py │ │ │ ├── oauth_registration.py │ │ │ └── token_exchange.py │ │ ├── pyproject.toml │ │ └── uv.lock │ └── server │ │ ├── pyproject.toml │ │ ├── src │ │ └── mcp_auth_server │ │ │ ├── __init__.py │ │ │ ├── __main__.py │ │ │ ├── auth.py │ │ │ ├── discovery.py │ │ │ ├── registration.py │ │ │ ├── server.py │ │ │ └── tools.py │ │ └── uv.lock └── mcp-server │ ├── README.md │ ├── go.mod │ ├── go.sum │ ├── images │ ├── authorization-flow.png │ └── tool-call.png │ └── mcp-server.go ├── flake.lock ├── flake.nix ├── go.mod ├── go.mod.sri ├── go.sum ├── license_test.go ├── scripts └── docker │ └── run.sh ├── server ├── appcap.go ├── authorize.go ├── authorize_test.go ├── client_test.go ├── clients.go ├── extraclaims.go ├── extraclaims_test.go ├── helpers_test.go ├── oauth-metadata.go ├── oauth-metadata_test.go ├── server.go ├── server_test.go ├── token.go ├── token_test.go ├── ui-edit.html ├── ui-header.html ├── ui-list.html ├── ui-style.css ├── ui.go ├── ui_test.go ├── userinfo.go └── userinfo_test.go ├── tsidp-server.go └── update-flake.sh /.github/workflows/ci-linux.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/.github/workflows/ci-linux.yaml -------------------------------------------------------------------------------- /.github/workflows/containers.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/.github/workflows/containers.yaml -------------------------------------------------------------------------------- /.github/workflows/govulncheck.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/.github/workflows/govulncheck.yaml -------------------------------------------------------------------------------- /.github/workflows/release.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/.github/workflows/release.yaml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/.gitignore -------------------------------------------------------------------------------- /.goreleaser.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/.goreleaser.yaml -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/Dockerfile -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/README.md -------------------------------------------------------------------------------- /cmd/verifier/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/cmd/verifier/README.md -------------------------------------------------------------------------------- /cmd/verifier/verifier.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/cmd/verifier/verifier.go -------------------------------------------------------------------------------- /docs/proxmox/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/docs/proxmox/README.md -------------------------------------------------------------------------------- /docs/proxmox/add-group-permission.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/docs/proxmox/add-group-permission.png -------------------------------------------------------------------------------- /docs/proxmox/add-oidc-client.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/docs/proxmox/add-oidc-client.png -------------------------------------------------------------------------------- /docs/proxmox/configure-realm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/docs/proxmox/configure-realm.png -------------------------------------------------------------------------------- /docs/proxmox/create-lxc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/docs/proxmox/create-lxc.png -------------------------------------------------------------------------------- /docs/proxmox/create-realm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/docs/proxmox/create-realm.png -------------------------------------------------------------------------------- /docs/proxmox/login-using-tailscale-realm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/docs/proxmox/login-using-tailscale-realm.png -------------------------------------------------------------------------------- /docs/proxmox/tsidp-multiple-uri-redirects.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/docs/proxmox/tsidp-multiple-uri-redirects.png -------------------------------------------------------------------------------- /examples/mcp-gateway/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-gateway/README.md -------------------------------------------------------------------------------- /examples/mcp-gateway/client/mcp_oauth_client/__init__.py: -------------------------------------------------------------------------------- 1 | """MCP OAuth Client CLI package.""" 2 | 3 | __version__ = "0.1.0" -------------------------------------------------------------------------------- /examples/mcp-gateway/client/mcp_oauth_client/auth.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-gateway/client/mcp_oauth_client/auth.py -------------------------------------------------------------------------------- /examples/mcp-gateway/client/mcp_oauth_client/main.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-gateway/client/mcp_oauth_client/main.py -------------------------------------------------------------------------------- /examples/mcp-gateway/client/mcp_oauth_client/storage.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-gateway/client/mcp_oauth_client/storage.py -------------------------------------------------------------------------------- /examples/mcp-gateway/client/pyproject.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-gateway/client/pyproject.toml -------------------------------------------------------------------------------- /examples/mcp-gateway/client/uv.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-gateway/client/uv.lock -------------------------------------------------------------------------------- /examples/mcp-gateway/gateway/mcp_auth_gateway/__init__.py: -------------------------------------------------------------------------------- 1 | """MCP Gateway with RFC 8693 OAuth Token Exchange support.""" 2 | 3 | __version__ = "0.1.0" -------------------------------------------------------------------------------- /examples/mcp-gateway/gateway/mcp_auth_gateway/auth_interceptor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-gateway/gateway/mcp_auth_gateway/auth_interceptor.py -------------------------------------------------------------------------------- /examples/mcp-gateway/gateway/mcp_auth_gateway/gateway.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-gateway/gateway/mcp_auth_gateway/gateway.py -------------------------------------------------------------------------------- /examples/mcp-gateway/gateway/mcp_auth_gateway/logging.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-gateway/gateway/mcp_auth_gateway/logging.py -------------------------------------------------------------------------------- /examples/mcp-gateway/gateway/mcp_auth_gateway/main.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-gateway/gateway/mcp_auth_gateway/main.py -------------------------------------------------------------------------------- /examples/mcp-gateway/gateway/mcp_auth_gateway/oauth_registration.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-gateway/gateway/mcp_auth_gateway/oauth_registration.py -------------------------------------------------------------------------------- /examples/mcp-gateway/gateway/mcp_auth_gateway/token_exchange.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-gateway/gateway/mcp_auth_gateway/token_exchange.py -------------------------------------------------------------------------------- /examples/mcp-gateway/gateway/pyproject.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-gateway/gateway/pyproject.toml -------------------------------------------------------------------------------- /examples/mcp-gateway/gateway/uv.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-gateway/gateway/uv.lock -------------------------------------------------------------------------------- /examples/mcp-gateway/server/pyproject.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-gateway/server/pyproject.toml -------------------------------------------------------------------------------- /examples/mcp-gateway/server/src/mcp_auth_server/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-gateway/server/src/mcp_auth_server/__init__.py -------------------------------------------------------------------------------- /examples/mcp-gateway/server/src/mcp_auth_server/__main__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-gateway/server/src/mcp_auth_server/__main__.py -------------------------------------------------------------------------------- /examples/mcp-gateway/server/src/mcp_auth_server/auth.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-gateway/server/src/mcp_auth_server/auth.py -------------------------------------------------------------------------------- /examples/mcp-gateway/server/src/mcp_auth_server/discovery.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-gateway/server/src/mcp_auth_server/discovery.py -------------------------------------------------------------------------------- /examples/mcp-gateway/server/src/mcp_auth_server/registration.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-gateway/server/src/mcp_auth_server/registration.py -------------------------------------------------------------------------------- /examples/mcp-gateway/server/src/mcp_auth_server/server.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-gateway/server/src/mcp_auth_server/server.py -------------------------------------------------------------------------------- /examples/mcp-gateway/server/src/mcp_auth_server/tools.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-gateway/server/src/mcp_auth_server/tools.py -------------------------------------------------------------------------------- /examples/mcp-gateway/server/uv.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-gateway/server/uv.lock -------------------------------------------------------------------------------- /examples/mcp-server/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-server/README.md -------------------------------------------------------------------------------- /examples/mcp-server/go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-server/go.mod -------------------------------------------------------------------------------- /examples/mcp-server/go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-server/go.sum -------------------------------------------------------------------------------- /examples/mcp-server/images/authorization-flow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-server/images/authorization-flow.png -------------------------------------------------------------------------------- /examples/mcp-server/images/tool-call.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-server/images/tool-call.png -------------------------------------------------------------------------------- /examples/mcp-server/mcp-server.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/examples/mcp-server/mcp-server.go -------------------------------------------------------------------------------- /flake.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/flake.lock -------------------------------------------------------------------------------- /flake.nix: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/flake.nix -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/go.mod -------------------------------------------------------------------------------- /go.mod.sri: -------------------------------------------------------------------------------- 1 | sha256-iBy+osK+2LdkTzXhrkSaB6nWpUCpr8VkxJTtcfVCFuw= 2 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/go.sum -------------------------------------------------------------------------------- /license_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/license_test.go -------------------------------------------------------------------------------- /scripts/docker/run.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/scripts/docker/run.sh -------------------------------------------------------------------------------- /server/appcap.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/server/appcap.go -------------------------------------------------------------------------------- /server/authorize.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/server/authorize.go -------------------------------------------------------------------------------- /server/authorize_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/server/authorize_test.go -------------------------------------------------------------------------------- /server/client_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/server/client_test.go -------------------------------------------------------------------------------- /server/clients.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/server/clients.go -------------------------------------------------------------------------------- /server/extraclaims.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/server/extraclaims.go -------------------------------------------------------------------------------- /server/extraclaims_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/server/extraclaims_test.go -------------------------------------------------------------------------------- /server/helpers_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/server/helpers_test.go -------------------------------------------------------------------------------- /server/oauth-metadata.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/server/oauth-metadata.go -------------------------------------------------------------------------------- /server/oauth-metadata_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/server/oauth-metadata_test.go -------------------------------------------------------------------------------- /server/server.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/server/server.go -------------------------------------------------------------------------------- /server/server_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/server/server_test.go -------------------------------------------------------------------------------- /server/token.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/server/token.go -------------------------------------------------------------------------------- /server/token_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/server/token_test.go -------------------------------------------------------------------------------- /server/ui-edit.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/server/ui-edit.html -------------------------------------------------------------------------------- /server/ui-header.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/server/ui-header.html -------------------------------------------------------------------------------- /server/ui-list.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/server/ui-list.html -------------------------------------------------------------------------------- /server/ui-style.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/server/ui-style.css -------------------------------------------------------------------------------- /server/ui.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/server/ui.go -------------------------------------------------------------------------------- /server/ui_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/server/ui_test.go -------------------------------------------------------------------------------- /server/userinfo.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/server/userinfo.go -------------------------------------------------------------------------------- /server/userinfo_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/server/userinfo_test.go -------------------------------------------------------------------------------- /tsidp-server.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/tsidp-server.go -------------------------------------------------------------------------------- /update-flake.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tailscale/tsidp/HEAD/update-flake.sh --------------------------------------------------------------------------------