nat.plugins.mcp.auth.service_account.provider

Attributes

logger

Classes

MCPServiceAccountProvider

MCP service account authentication provider using OAuth2 client credentials.

Module Contents

logger

class MCPServiceAccountProvider(

config: nat.plugins.mcp.auth.service_account.provider_config.MCPServiceAccountProviderConfig,

builder=None,

)

Bases: nat.authentication.interfaces.AuthProviderBase[nat.plugins.mcp.auth.service_account.provider_config.MCPServiceAccountProviderConfig]

MCP service account authentication provider using OAuth2 client credentials.

Provides headless authentication for MCP clients using service account credentials. Supports two authentication patterns:

1. Single authentication: OAuth2 service account token only

2. Dual authentication: OAuth2 service account token + service-specific token

Initialize the AuthProviderBase with the given configuration.

Args:

config (AuthProviderBaseConfig): Configuration items for authentication.

_token_client

_service_token_function = None

_load_function(function_path: str) → Callable

Load a Python function from a module path string (e.g., ‘my_module.get_token’).

async authenticate(

user_id: str | None = None,

\*\*kwargs,

) → nat.data_models.authentication.AuthResult

Authenticate using OAuth2 client credentials flow.

Note: user_id is ignored for service accounts (non-session-specific).

Returns:

AuthResult with HeaderCred objects for service account authentication