feat: adds OAuth/OIDC authentication for MCP

app/mcp.py

@@ -7,9 +7,10 @@ from sqlalchemy.orm import Session
 from app.config import Settings, get_settings
 from app.db import get_db
 from app.models import CrawlRun, Employee
-from app.security import require_mcp_token
+from app.security import mcp_protected_resource_metadata, require_mcp_auth
 
 router = APIRouter(prefix="/mcp")
+metadata_router = APIRouter()
 
 
 TOOLS = [
@@ -55,7 +56,7 @@ async def mcp_http(
     db: Session = Depends(get_db),
     settings: Settings = Depends(get_settings),
 ) -> dict:
-    require_mcp_token(request, settings)
+    require_mcp_auth(request, settings)
     payload = await request.json()
     method = payload.get("method")
     request_id = payload.get("id")
@@ -168,3 +169,8 @@ def _run_payload(run: CrawlRun) -> dict:
 
 def _tool_response(data: object) -> dict:
     return {"content": [{"type": "text", "text": json.dumps(data, ensure_ascii=False, default=str)}]}
+
+
+@metadata_router.get("/.well-known/oauth-protected-resource")
+def oauth_protected_resource(settings: Settings = Depends(get_settings)) -> dict:
+    return mcp_protected_resource_metadata(settings)