fix: Support separate auth tokens for Onboarding API and MCPs (#142)

Co-authored-by: Enrico Kaack <enrico.kaack@sap.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Valentin Gerlach <valentin.gerlach@sap.com>

Author: 4 people

.env.template

@@ -1,6 +1,7 @@
 # OpenID Connect Configuration for Onboarding API
 OIDC_ISSUER=
 OIDC_CLIENT_ID=
+OIDC_CLIENT_ID_MCP=
 OIDC_SCOPES=
 OIDC_REDIRECT_URI=http://localhost:5173
 
@@ -15,6 +16,7 @@ API_BACKEND_URL=
 # Replace this value with a strong, randomly generated string (at least 32 characters).
 # Example for generation in Node.js: require('crypto').randomBytes(32).toString('hex')
 COOKIE_SECRET=
+SESSION_SECRET=
 
 FEEDBACK_SLACK_URL=
 FEEDBACK_URL_LINK=

package-lock.json

@@ -24,8 +24,9 @@
     "@fastify/cookie": "^11.0.2",
     "@fastify/env": "^5.0.2",
     "@fastify/http-proxy": "^11.1.2",
-    "@fastify/secure-session": "^8.2.0",
     "@fastify/sensible": "^6.0.3",
+    "@fastify/secure-session": "^8.2.0",
+    "@fastify/session": "^11.1.0",
     "@fastify/static": "^8.1.1",
     "@fastify/vite": "^8.1.3",
     "@hookform/resolvers": "^5.0.0",
@@ -83,4 +84,4 @@
     "vite": "^6.3.4",
     "vitest": "^3.1.4"
   }
-}
+}

package.json

@@ -252,9 +252,6 @@
     },
     "learnButton": "Learn how to do this in code"
   },
-  "App": {
-    "loading": "Loading..."
-  },
   "Providers": {
     "headerProviders": "Providers",
     "tableHeaderVersion": "Version",

public/locales/en.json

@@ -2,14 +2,18 @@ import path, { join, dirname } from "node:path";
 import { fileURLToPath } from "node:url";
 import AutoLoad from "@fastify/autoload";
 import envPlugin from "./config/env.js";
+import encryptedSession from "./encrypted-session.js";
 
 export const options = {};
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
 
-export default async function(fastify, opts) {
+export default async function (fastify, opts) {
   await fastify.register(envPlugin);
+  fastify.register(encryptedSession, {
+    ...opts,
+  });
 
   await fastify.register(AutoLoad, {
     dir: join(__dirname, "plugins"),
@@ -20,4 +24,6 @@ export default async function(fastify, opts) {
     dir: join(__dirname, "routes"),
     options: { ...opts },
   });
-}
+
+
+}

server/app.js

@@ -1,23 +1,35 @@
-import fastifyPlugin from "fastify-plugin";
-import fastifyEnv from "@fastify/env";
+import fastifyPlugin from 'fastify-plugin';
+import fastifyEnv from '@fastify/env';
 
 const schema = {
-  type: "object",
-  required: ["OIDC_ISSUER", "OIDC_CLIENT_ID", "OIDC_REDIRECT_URI", "OIDC_SCOPES", "POST_LOGIN_REDIRECT", "COOKIE_SECRET", "API_BACKEND_URL"],
+  type: 'object',
+  required: [
+    'OIDC_ISSUER',
+    'OIDC_CLIENT_ID',
+    'OIDC_CLIENT_ID_MCP',
+    'OIDC_REDIRECT_URI',
+    'OIDC_SCOPES',
+    'POST_LOGIN_REDIRECT',
+    'COOKIE_SECRET',
+    'SESSION_SECRET',
+    'API_BACKEND_URL',
+  ],
   properties: {
     // Application variables (.env)
-    OIDC_ISSUER: { type: "string" },
-    OIDC_CLIENT_ID: { type: "string" },
-    OIDC_REDIRECT_URI: { type: "string" },
-    OIDC_SCOPES: { type: "string" },
-    POST_LOGIN_REDIRECT: { type: "string" },
-    COOKIE_SECRET: { type: "string" },
-    API_BACKEND_URL: { type: "string" },
-    FEEDBACK_SLACK_URL: { type: "string" },
-    FEEDBACK_URL_LINK: { type: "string" },
+    OIDC_ISSUER: { type: 'string' },
+    OIDC_CLIENT_ID: { type: 'string' },
+    OIDC_CLIENT_ID_MCP: { type: 'string' },
+    OIDC_REDIRECT_URI: { type: 'string' },
+    OIDC_SCOPES: { type: 'string' },
+    POST_LOGIN_REDIRECT: { type: 'string' },
+    COOKIE_SECRET: { type: 'string' },
+    SESSION_SECRET: { type: 'string' },
+    API_BACKEND_URL: { type: 'string' },
+    FEEDBACK_SLACK_URL: { type: 'string' },
+    FEEDBACK_URL_LINK: { type: 'string' },
 
     // System variables
-    NODE_ENV: { type: "string", enum: ["development", "production"] },
+    NODE_ENV: { type: 'string', enum: ['development', 'production'] },
   },
 };