MCP Gateway container missing `ACTIONS_ID_TOKEN_REQUEST_URL` / `ACTIONS_ID_TOKEN_REQUEST_TOKEN` env vars

[bbonafed]

Summary

When an HTTP MCP server uses auth: { type: github-oidc }, the MCP gateway correctly attempts to mint GitHub OIDC tokens via ACTIONS_ID_TOKEN_REQUEST_URL. However, the gh-aw compiler (mcp_setup_generator.go) does not include these two environment variables in the explicit -e list on the docker run command that starts the gateway container. This causes the gateway to fail at startup with:

[ERROR] Server "my-server" requires OIDC authentication but ACTIONS_ID_TOKEN_REQUEST_URL is not set.
        OIDC auth is only available when running in GitHub Actions with `permissions: { id-token: write }`.

The workflow correctly declares permissions: { id-token: write }, and GitHub Actions does set ACTIONS_ID_TOKEN_REQUEST_URL and ACTIONS_ID_TOKEN_REQUEST_TOKEN on the runner. But because the gateway runs inside a Docker container with an explicit allowlist of -e variables, these two are never forwarded.

Observed behavior

• Gateway spec (§7.6.1) says: "On startup, the gateway checks for ACTIONS_ID_TOKEN_REQUEST_URL. If set, an OIDC provider is initialized." and "If a server has auth.type: 'github-oidc' but the OIDC env vars are missing, the gateway MUST log an error."
• Gateway behavior: Follows the spec correctly — logs the error and marks the server as "status":"error".
• Compiler behavior: The docker run command built by mcp_setup_generator.go has ~40 explicit -e VAR entries but does not include ACTIONS_ID_TOKEN_REQUEST_URL or ACTIONS_ID_TOKEN_REQUEST_TOKEN. The standardEnvVars dedup list (used for mcpEnvVars) also omits them.
• The collectMCPEnvironmentVariables function in mcp_environment.go handles HTTP header secrets, safe-outputs, mcp-scripts, and GitHub MCP tokens — but has no code path for github-oidc auth.

Reproduction

1. Create a workflow with an HTTP MCP server using auth: { type: github-oidc }:

permissions:
  id-token: write

mcp-servers:
  my-server:
    type: http
    url: "https://my-server.example.com/mcp/"
    auth:
      type: github-oidc
      audience: "https://my-server.example.com"

2. Compile and run the workflow.

3. The "Start MCP Gateway" step generates a docker run command with many explicit -e flags, but ACTIONS_ID_TOKEN_REQUEST_URL and ACTIONS_ID_TOKEN_REQUEST_TOKEN are not among them:

docker run -i --rm --network host \
  -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY \
  ... (many vars) ...
  -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA \
  -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE \
  -e GITHUB_HEAD_REF -e GITHUB_BASE_REF \
  -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY \
  ... ghcr.io/github/gh-aw-mcpg:<version>

4. Gateway logs the error and the server shows "status":"error" in the health check:

{"status":"unhealthy","servers":{"my-server":{"status":"error","uptime":0}}}

Proposed fix

In mcp_setup_generator.go, conditionally add the two OIDC env vars to the gateway container when any HTTP MCP server uses auth.type: "github-oidc":

// GitHub Actions OIDC env vars — required by the gateway to mint tokens
// for servers with auth.type: "github-oidc" (spec §7.6.1)
if hasGitHubOIDCAuth {
    containerCmd.WriteString(" -e ACTIONS_ID_TOKEN_REQUEST_URL")
    containerCmd.WriteString(" -e ACTIONS_ID_TOKEN_REQUEST_TOKEN")
}

Also add them to the standardEnvVars dedup list to prevent duplicate -e flags.

References

• MCP Gateway Spec §7.6.1
• Using Custom MCP Servers — GitHub Actions OIDC Authentication
• Source: pkg/workflow/mcp_setup_generator.go (lines ~620–740)
• Source: pkg/workflow/mcp_environment.go (collectMCPEnvironmentVariables)

[lpcox]

🔗 AWF tracking issue: https://github.com/github/gh-aw-firewall/issues/github/gh-aw-firewall#1792

Generated by Firewall Issue Dispatcher · ● 705.4K · ◷