Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions docs/toolhive/concepts/embedded-auth-server.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -269,15 +269,15 @@ resources, with some differences:
For single-backend deployments on MCPServer, the embedded auth server
automatically swaps the token for each request. For vMCP with multiple backends,
you configure which upstream provider's token goes to which backend using
[upstream token injection](../guides-vmcp/authentication.mdx#upstream-token-injection)
[upstream token injection](../guides-vmcp/embedded-auth-server-vmcp.mdx#forward-a-stored-upstream-token-upstream-injection)
or
[token exchange with upstream tokens](../guides-vmcp/authentication.mdx#token-exchange-with-upstream-tokens).
[token exchange with upstream tokens](../guides-vmcp/embedded-auth-server-vmcp.mdx#exchange-a-stored-upstream-token-token-exchange).

## Next steps

- [Set up the embedded authorization server in Kubernetes](../guides-k8s/embedded-auth-server-k8s.mdx)
for step-by-step setup of MCPServer resources in Kubernetes
- [Configure the vMCP embedded authorization server](../guides-vmcp/authentication.mdx#embedded-authorization-server)
- [Configure the vMCP embedded authorization server](../guides-vmcp/embedded-auth-server-vmcp.mdx)
for multiple upstream providers on a VirtualMCPServer
- [Deploy Redis Sentinel](../guides-k8s/redis-session-storage.mdx) for
production session storage
Expand Down
2 changes: 1 addition & 1 deletion docs/toolhive/concepts/vmcp.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -143,7 +143,7 @@ auth server acquires tokens from each upstream provider and injects them into
requests to the appropriate backends. MCP clients register or identify
themselves automatically through Client ID Metadata Documents (CIMD) or Dynamic
Client Registration (DCR), so no manual client configuration is needed. See
[Authentication](../guides-vmcp/authentication.mdx#embedded-authorization-server)
[Embedded authorization server](../guides-vmcp/embedded-auth-server-vmcp.mdx)
for setup details.

## When to use vMCP
Expand Down
2 changes: 1 addition & 1 deletion docs/toolhive/guides-k8s/embedded-auth-server-k8s.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -746,7 +746,7 @@ attempt.
- For the other Kubernetes authentication approaches, see
[Authentication and authorization](./auth-k8s.mdx)
- For multi-upstream provider support with vMCP, see
[vMCP embedded authorization server](../guides-vmcp/authentication.mdx#embedded-authorization-server)
[vMCP embedded authorization server](../guides-vmcp/embedded-auth-server-vmcp.mdx)
- For a similar configuration pattern using token exchange, see
[Configure token exchange](./token-exchange-k8s.mdx)
- For combining the embedded auth server with AWS STS, see
Expand Down
2 changes: 1 addition & 1 deletion docs/toolhive/guides-k8s/remote-mcp-proxy.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -831,7 +831,7 @@ any other backend. (In inline mode, you list the backends in the
VirtualMCPServer spec instead.) If the proxy is configured to validate incoming
requests, whether through `oidcConfigRef` or an embedded authorization server,
configure an
[outgoing authentication strategy](../guides-vmcp/authentication.mdx#outgoing-authentication)
[backend authentication strategy](../guides-vmcp/authentication.mdx#backend-authentication)
on the vMCP so it presents a token the proxy accepts, such as `upstreamInject`
to forward a user's upstream token or `tokenExchange` to obtain a token with the
proxy's expected audience. A proxy left without an authentication source accepts
Expand Down
Loading