[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"pack-detail-mcp-auth-identity-stack-zh":3,"seo:pack:mcp-auth-identity-stack:zh":94},{"code":4,"message":5,"data":6},200,"操作成功",{"pack":7},{"slug":8,"icon":9,"tone":10,"status":11,"status_label":12,"title":13,"description":14,"items":15,"install_cmd":93},"mcp-auth-identity-stack","🔐","#1E40AF","stable","稳定","MCP 认证 + 身份栈","给要在 MCP server 里接 OAuth \u002F SAML \u002F SSO 的开发者准备的 9 件套 — 先 secret vault（Infisical \u002F sops），再 OAuth\u002FOIDC 流程助手（OpenAuth、Device Flow checklist），再身份源（Keycloak \u002F Dex），再细粒度 scope（Casbin \u002F OPA），最后审计（mcp-audit）。安装顺序有讲究，取舍说人话。",[16,28,36,46,55,63,70,77,83],{"id":17,"uuid":18,"slug":19,"title":20,"description":21,"author_name":22,"view_count":23,"vote_count":24,"lang_type":25,"type":26,"type_label":27},452,"41fbcc5c-aac8-4f3e-8305-cf2462809684","infisical-open-source-secret-management-41fbcc5c","Infisical — Open-Source Secret Management","Manage API keys and secrets across teams and environments. Auto-sync to apps, rotation, audit logs. 25K+ GitHub stars.","Skill Factory",437,0,"en","skill","Skill",{"id":29,"uuid":30,"slug":31,"title":32,"description":33,"author_name":34,"view_count":35,"vote_count":24,"lang_type":25,"type":26,"type_label":27},1179,"f8f53103-3712-11f1-9bc6-00163e2b0d79","sops-simple-flexible-secrets-management-f8f53103","sops — Simple and Flexible Secrets Management","sops (Secrets OPerationS) encrypts values in YAML, JSON, ENV, and INI files while keeping keys in plaintext. This lets you version-control encrypted secrets in Git, using age, AWS KMS, GCP KMS, Azure Key Vault, or PGP as encryption backends.","Script Depot",270,{"id":37,"uuid":38,"slug":39,"title":40,"description":41,"author_name":42,"view_count":43,"vote_count":24,"lang_type":25,"type":44,"type_label":45},3009,"4ef9462d-c757-48ec-93c1-db0c2835dc0c","openauth-universal-auth-server-you-can-self-host","OpenAuth — Universal Auth Server You Can Self-Host","Dax Raad's team's centralized auth server you self-host. Multi-tenant, OAuth\u002Fpassword\u002FSAML\u002Fpasskey. Auth0\u002FClerk replacement with full control.","SST",232,"script","Script",{"id":47,"uuid":48,"slug":49,"title":50,"description":51,"author_name":52,"view_count":53,"vote_count":24,"lang_type":54,"type":26,"type_label":27},4262,"09df47ef-5671-473a-b2d4-7f1037a43ca6","oauth-device-flow-cli-agent-login-checklist-09df47ef","OAuth Device Flow — CLI Agent Login Checklist","OAuth device flow checklist for CLI and agent login. Covers user codes, polling intervals, token storage, logs, and security boundaries.","henuwangkai",175,"",{"id":56,"uuid":57,"slug":58,"title":59,"description":60,"author_name":61,"view_count":62,"vote_count":24,"lang_type":25,"type":26,"type_label":27},935,"2d385875-34c8-11f1-9bc6-00163e2b0d79","keycloak-open-source-identity-access-management-2d385875","Keycloak — Open Source Identity & Access Management","Keycloak is the most widely deployed open-source IAM solution. SSO, OIDC, SAML, LDAP federation, MFA, social login, and user management for enterprise applications.","AI Open Source",259,{"id":64,"uuid":65,"slug":66,"title":67,"description":68,"author_name":61,"view_count":69,"vote_count":24,"lang_type":25,"type":26,"type_label":27},2479,"ecd851b3-4578-11f1-9bc6-00163e2b0d79","dex-openid-connect-identity-provider-pluggable-connectors-ecd851b3","Dex — OpenID Connect Identity Provider with Pluggable Connectors","Federate authentication across LDAP, SAML, GitHub, Google, and other identity providers through a single OIDC and OAuth 2.0 interface.",194,{"id":71,"uuid":72,"slug":73,"title":74,"description":75,"author_name":61,"view_count":76,"vote_count":24,"lang_type":25,"type":26,"type_label":27},4627,"e2e074be-54ae-11f1-9bc6-00163e2b0d79","casbin-flexible-policy-based-access-control-framework-e2e074be","Casbin — Flexible Policy-Based Access Control Framework","Casbin is an authorization library that supports access control models including ACL, RBAC, and ABAC. It provides a unified API across Go, Java, Node.js, Python, and other languages, letting developers define and enforce fine-grained permissions using a declarative policy language.",166,{"id":78,"uuid":79,"slug":80,"title":81,"description":82,"author_name":61,"view_count":62,"vote_count":24,"lang_type":25,"type":26,"type_label":27},1428,"4153bc1e-3900-11f1-9bc6-00163e2b0d79","open-policy-agent-opa-unified-policy-engine-cloud-native-4153bc1e","Open Policy Agent (OPA) — Unified Policy Engine for Cloud Native","CNCF graduated policy engine that decouples authorization and admission rules from your services. Write policies once in Rego, evaluate them anywhere.",{"id":84,"uuid":85,"slug":86,"title":87,"description":88,"author_name":89,"view_count":90,"vote_count":24,"lang_type":25,"type":91,"type_label":92},3443,"67ac2a2b-e81c-50f9-bb30-0943e7df8787","mcp-audit-scan-mcp-configs-for-secrets-shadow-apis","mcp-audit — Scan MCP Configs for Secrets & Shadow APIs","Audit MCP server configs and source trees to find exposed secrets, risky endpoints, and model access. Outputs JSON\u002FCSV\u002FSARIF\u002FCycloneDX AI-BOM for CI gates.","MCP Hub",131,"mcp","MCP","tokrepo install pack\u002Fmcp-auth-identity-stack",{"pageType":95,"pageKey":8,"locale":96,"title":97,"metaDescription":98,"h1":99,"tldr":100,"bodyMarkdown":101,"faq":102,"schema":118,"internalLinks":124,"citations":137,"wordCount":150,"generatedAt":151},"pack","zh","MCP 认证 + 身份栈 — 9 个接 OAuth \u002F SAML \u002F SSO 的开源选择","Infisical \u002F sops \u002F OpenAuth \u002F OAuth Device Flow \u002F Keycloak \u002F Dex \u002F Casbin \u002F OPA \u002F mcp-audit — 给 MCP server 接 OAuth、SAML、SSO 的成套开源方案，含安装顺序、scope 策略、审计落地。","MCP 认证 + 身份栈 — 给 MCP server 接 OAuth \u002F SAML \u002F SSO 的正经路径","九件套按安装顺序排：先把 secret 存好，再把 OAuth 流程跑通，再插身份源，再加细粒度 scope，最后开审计。哪一层跳过，将来都会被审计师在你用户之前发现。","## 这个 pack 包含什么\n\n这套是给已经下定决心「我的 MCP server 不能再把 `OPENAI_API_KEY` 写在 `.env.example` 里」的工程师准备的。每个都是**开源**、**生产级**、对应**认证洋葱里的一个特定层**。**安装顺序要紧** — 底层装错，上面每一层都会骗你。\n\n这套里**没有** Auth0 wrapper 或一键 SSO 的 SaaS。目标是端到端把信任边界握在自己手里 —— 因为如果你的 MCP server 帮 agent 把工具调用打到客户数据库，**信任边界就是产品**。\n\n## 推荐安装顺序\n\n1. **Infisical** — 给开发者用的 secret vault。替掉 `.env`，给每个 service 一份带类型的 secret。可自托管，有 CLI 和 SDK。从这里起步，因为后面每个工具都要找个地方放 client secret \u002F signing key \u002F webhook token。**别带着明文 secret 直接跳到第 2 步**。\n2. **sops** — 给提交到 git 的配置加密。Infisical 管运行时，sops 管你确实想入库的 YAML \u002F JSON \u002F env 文件（Helm values、Terraform tfvars、GitHub Actions）。Mozilla 出的事实标准，底层用 KMS \u002F age \u002F PGP。和 Infisical 是搭档不是替代。\n3. **OpenAuth** — 可自托管的通用 auth server，SST 团队出品。如果想自己当 OAuth 2.1 + OIDC 发证方又不想接 Auth0\u002FClerk，这就是替代品。默认配置合理、TypeScript 优先、能跑在 Lambda \u002F Cloudflare \u002F Node 上。如果你 MCP 后端是 JS\u002FTS 且公司没有现成 IdP，选这个。\n4. **OAuth Device Flow — CLI Agent Login Checklist** — 不是一个 server，是一份 checklist。CLI agent（Claude Code \u002F Codex \u002F Cursor \u002F 你自己的 MCP 客户端）通过 RFC 8628 device flow 登录。这份 checklist 覆盖 user code、polling interval、token 存储、refresh、和会咬人的边界（verifier 复用 \u002F polling DoS \u002F shell 历史里的 user code）。写流程之前先读，不是写完之后。\n5. **Keycloak** — 重量级 IdP，原生支持 SAML \u002F OIDC \u002F LDAP 联邦。如果你客户要把 MCP server 挂到 Okta \u002F Azure AD \u002F Google Workspace 上做 SAML 联邦，选这个。Java 写的，自带 admin UI，15+ 年 CVE 修复积累。占资源（1-2 GB RAM）但稳如老狗。\n6. **Dex** — 轻量级 OIDC 身份源，支持可插拔 connector。如果你想要一个小 Go 二进制把 LDAP \u002F GitHub \u002F Google \u002F SAML 联邦成单个 OIDC issuer 然后就完事，选 Dex 不选 Keycloak。Kubernetes 原生、没有 admin UI 要维护。云原生团队默认 Dex，传统企业默认 Keycloak。\n7. **Casbin** — 灵活的策略式访问控制。认证（你是谁？）之后是授权（你能做什么？）。Casbin 把 RBAC \u002F ABAC \u002F RESTful matcher 都塞进一个小 config 文件，15+ 语言都有库。定义 `(subject, object, action)` 规则，在每个 MCP tool 入口检查。**应用层 scope 的合适尺寸**。\n8. **Open Policy Agent (OPA)** — 基于 Rego 的云原生统一策略引擎。如果策略要跨多个 service —— admission control \u002F sidecar 执行 \u002F terraform plan 校验 \u002F MCP gateway 中间件 —— 选 OPA 不选 Casbin。比 Casbin 重，但当「谁能调这个 MCP tool」和「谁能部署这个 pod」是同一个问题时，它才是正确答案。\n9. **mcp-audit** — 扫 MCP 配置找 secret 和 shadow API。诚实的审计步骤：指向你的 MCP server 配置，它会标出硬编码的 key、没声明的 egress、没加 scope 的 tool。每次改动后在 CI 里跑。**你需要这个 pack 恰恰是因为前面 8 层都很容易配错**。\n\n## 它们怎么协同\n\n```\n         ┌─ Infisical (运行时 secret) ─┐\nSECRET   │                              │── 下面每一层都要用\n         └─ sops (入库 secret) ────────┘\n             │\n             ▼\nAUTHN    OpenAuth  \u002F  Keycloak  \u002F  Dex\n   (你的 MCP server 发 \u002F 验 OIDC token)\n             │\n             ▼\n流程     OAuth Device Flow Checklist\n   (CLI agent 没浏览器也能登录)\n             │\n             ▼\nAUTHZ    Casbin (进程内)  \u002F  OPA (sidecar)\n   (每个 MCP tool 调用都过一遍策略)\n             │\n             ▼\n审计     mcp-audit (CI 闸口)  +  签名审计日志\n   (出事时能给客户或监管证明)\n```\n\n**最容易被跳过的一层是 scope** —— 团队接好了 OAuth，然后把每个 MCP tool 暴露给每个登录用户。这就是认证版的 `chmod 777`。**第一天就选 Casbin 或 OPA**，在第一个真业务 tool 上线之前把策略文件写进 repo。\n\n## 你会遇到的取舍\n\n- **Infisical vs HashiCorp Vault** — Vault 更强（动态 secret \u002F PKI \u002F transit 加密 \u002F lease）但运维成本高。Infisical 在 DX 上完胜，对 90% 的 MCP server 足够。等需要短期数据库凭据或审计师明确要求时再换 Vault。\n- **OpenAuth vs Keycloak vs Dex** — OpenAuth = 用 TS 廉价自建 IdP。Keycloak = 自带 admin UI 的企业级 IdP。Dex = 套在现有身份源前面的 OIDC 桥。**别同时跑两个**，token 发证方只能有一个。\n- **Casbin vs OPA** — Casbin 进程内、微秒级延迟、model 文件简单。OPA 跑成 service 或 sidecar，支持复杂 Rego，跟 Kubernetes \u002F Envoy \u002F Terraform 集成好。**策略只在你 MCP server 里用 → Casbin**；策略要全组织通用 → OPA。\n- **Device Flow vs PKCE redirect** — 没浏览器的 CLI \u002F agent 客户端选 device flow（读 checklist）。桌面或 Web MCP 客户端有浏览器，选 PKCE redirect，简单且更安全。\n- **mcp-audit 闸口 vs 运行时** — CI 闸口防配置漂移，运行时审计抓行为。**最终都要**，先把 CI 闸口接上。\n\n## 常见踩坑\n\n- **secret 写在 `claude_desktop_config.json` 或 `.cursor\u002Fmcp.json` 里** — 这些文件最后会进 dotfile repo \u002F 屏幕共享 \u002F 帖子截图。改成引用 Infisical handle 或 sops 加密文件，不要写原值。\n- **OAuth client secret 跨环境复用** — MCP server 经常有 dev\u002Fstaging\u002Fprod 三套；泄一个就同时报废三套。**第一天就发三套独立 client**。\n- **拿 OIDC ID token 当 bearer 调上游 API** — ID token 是给客户端用的，不是给上游 API 的。要先换成带正确 `aud` 和 scope 的 access token。\n- **给每个登录用户都发 `mcp:*` scope** — 定义 tool 级 scope（`mcp:tool:read_file`、`mcp:tool:exec`），在中间件里检查。**Casbin \u002F OPA 存在就是为了干这个**。\n- **tool 调用没审计日志** — 当客户问「这个 agent 真的删了那条记录吗？」你需要的是签名 + append-only 的日志。mcp-audit 抓配置问题，**你 MCP server 自己也要发结构化审计事件**。",[103,106,109,112,115],{"q":104,"a":105},"Infisical 和 sops 真的都要装？","是的，它们解决不同问题。Infisical 替代运行时的 `.env` —— 你的服务启动时通过类型化 SDK 或 sidecar 拉 secret，自带轮换和访问日志。sops 加密的是你想入库到 git 的 YAML \u002F JSON \u002F tfvars 文件（Helm values、Terraform variable、GitHub Actions 输入）。Infisical 是活 secret 的真理源，sops 是让声明式配置在 PR 里可 review 又不泄漏字面值的工具。两者搭档而非替代。",{"q":107,"a":108},"OpenAuth、Keycloak、Dex 怎么选？","TypeScript 团队从零自建 IdP、没有遗留身份源 —— 选 OpenAuth。客户要完整企业 IdP（和 Okta\u002FAzure AD 做 SAML 联邦、admin UI、自助账号、开箱 MFA）—— 选 Keycloak。已经有身份源（LDAP \u002F GitHub \u002F Google）只缺一个 OIDC 桥 —— 选 Dex。同时跑两个 = 攻击面翻倍，token 发证方只能有一个。",{"q":110,"a":111},"Casbin vs OPA — OPA 的额外复杂度什么时候值得？","Casbin 适合：策略只活在你一个 MCP server 里，问题是「subject X 是不是 role Y」或「subject X 对资源 R 是否有 Z 权限」。OPA 适合：同一个策略要被多个服务执行（MCP gateway \u002F Kubernetes admission \u002F Terraform plan check \u002F API gateway），需要单一 Rego 规则作为真理源。如果你别处还没跑 OPA，Casbin 起步更快、运维负担为零。",{"q":113,"a":114},"OAuth Device Flow Checklist 到底能帮我省什么？","省的是「第二次 code review 能抓到、第一次直接给你拿 CVE」的那些错误：retry 时不轮换 device code、polling 比服务器 `interval` 快被限流、把完整 user code 打进 shell 历史、refresh token 存 `~\u002F.config` 还 mode 644、logout 时不撤销 refresh token。Checklist 是一页起飞前自查，让资深 reviewer 跳过显眼问题直接看你真实流程。",{"q":116,"a":117},"mcp-audit 跟 Gitleaks 这种通用 secret 扫描器有啥区别？","Gitleaks 扫 git 历史里任何看起来像 credential 的字符串。mcp-audit 专门理解 MCP server 配置 schema —— 它会标出没有 scope 的 MCP tool、声明 `network_access: true` 却没列上游 host 的 server、不加限制就挂宿主文件系统的配置。**不同层**：Gitleaks 管 repo，mcp-audit 管 MCP 配置。CI 里两个一起跑，几乎不重叠。",{"@context":119,"@type":120,"name":13,"description":121,"numberOfItems":122,"inLanguage":123},"https:\u002F\u002Fschema.org","ItemList","9 个开源工具按安装顺序，帮你给 MCP server 接 OAuth \u002F SAML \u002F SSO，从 secret vault 一路到审计日志。",9,"zh-CN",[125,129,133],{"url":126,"anchor":127,"reason":128},"\u002Fzh\u002Ftopics","浏览其他主题 pack","MCP 认证是开发者技术栈系列中的一个主题",{"url":130,"anchor":131,"reason":132},"\u002Fzh\u002Fai-tools-for\u002Fsecurity","AI Agent 安全工具集","认证和 secret 是更大 agent 安全目录的入口",{"url":134,"anchor":135,"reason":136},"\u002Fzh\u002Ffeatured","TokRepo 精选资产","这九个工具属于更大的精选目录",[138,142,146],{"claim":139,"source_name":140,"source_url":141},"Infisical 是开源的 secret 管理方案","Infisical 官网","https:\u002F\u002Finfisical.com\u002F",{"claim":143,"source_name":144,"source_url":145},"Casbin 是策略式访问控制库，支持多语言实现","Casbin 官网","https:\u002F\u002Fcasbin.org\u002F",{"claim":147,"source_name":148,"source_url":149},"OAuth 2.0 Device Authorization Grant 规范为 RFC 8628","IETF RFC 8628","https:\u002F\u002Fdatatracker.ietf.org\u002Fdoc\u002Fhtml\u002Frfc8628",910,"2026-05-22T10:00:00Z"]