Skip to content

CIMD#303

Open
josephdecock wants to merge 2 commits intomainfrom
jmdc/cimd
Open

CIMD#303
josephdecock wants to merge 2 commits intomainfrom
jmdc/cimd

Conversation

@josephdecock
Copy link
Copy Markdown
Member

@josephdecock josephdecock commented Mar 13, 2026
edited
Loading

This adds a sample showing how to implement CIMD in IdentityServer to authenticate MCP clients like VS Code.

Apologies for the large number of files, but most of it is standard IdentityServer and a copy of the weather MCP server.

The interesting dozen or so CIMD-specific files are all in CIMD.IdentityServer/. Everything else is copied from McpDemo with namespace changes.

maartenba
maartenba approved these changes Mar 13, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@maartenba maartenba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks solid!

Note to self: needs duplication into v8 samples folder for now.

@josephdecock josephdecock requested a review from a team March 15, 2026 15:35
bhazen
bhazen reviewed Mar 17, 2026
View reviewed changes
Comment thread IdentityServer/v7/CIMD/CIMD.IdentityServer/McpCimdPolicy.cs Outdated
Comment thread IdentityServer/v7/CIMD/CIMD.IdentityServer/CimdClientBuilder.cs
@narbit
Copy link
Copy Markdown

narbit commented Mar 26, 2026

Maybe also extend DiscoveryResponseGenerator to add client_id_metadata_document_supported property.

@josephdecock
Copy link
Copy Markdown
Member Author

josephdecock commented Mar 27, 2026

Maybe also extend DiscoveryResponseGenerator to add client_id_metadata_document_supported property.

I'm setting this via configuration. If CIMD was built into identity server I'd definitely want to make that automatic in the generator. But as a sample I think this is ok.

Do you have something in mind to favor the generator?

@narbit
Copy link
Copy Markdown

narbit commented Mar 27, 2026

Maybe also extend DiscoveryResponseGenerator to add client_id_metadata_document_supported property.

I'm setting this via configuration. If CIMD was built into identity server I'd definitely want to make that automatic in the generator. But as a sample I think this is ok.

Do you have something in mind to favor the generator?

No, I was hoping it makes it all the way to identity server as a feature, alongside DCR :)

github-advanced-security[bot]
github-advanced-security AI found potential problems Apr 1, 2026
View reviewed changes
Comment thread IdentityServer/v7/CIMD/CIMD.IdentityServer/wwwroot/js/signin-redirect.js Dismissed
@josephdecock
Copy link
Copy Markdown
Member Author

josephdecock commented Apr 17, 2026

@bhazen @maartenba - I've made some changes since your reviews, and wondered if you would take a fresh look.

Notable is the use of Barry Dorrans' new SSRF protection package, and expansion of the extension points in the cimd policy.

@maartenba maartenba self-requested a review April 17, 2026 08:13
maartenba
maartenba approved these changes Apr 20, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@maartenba maartenba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nothing to add, looks good imo

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@maartenba maartenba maartenba approved these changes

@bhazen bhazen bhazen approved these changes

+1 more reviewer

@narbit narbit narbit left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@josephdecock @narbit @maartenba @bhazen @github-advanced-security