mcp-data-platform-v0.4.3
Summary
Fixes role extraction from Keycloak tokens and adds a workaround for Keycloak's "already logged in" issue.
Bug Fixes
Role Extraction from Keycloak Access Token
Users authenticated via Keycloak had no tool access because their roles weren't being extracted.
Root cause: The OAuth server only extracted claims from Keycloak's ID token, but Keycloak puts realm_access.roles in the access token.
Fix: extractUserFromUpstreamToken() now extracts claims from both tokens:
- ID token: Basic profile info (sub, email, name)
- Access token: Role claims (realm_access, resource_access)
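The two-token split described above, as an added Go example; it is not the project's extractUserFromUpstreamToken() code. The User type, the mergeClaims name, the "client:role" naming and the sub-match check are assumptions of this example, and both payloads are assumed to come from tokens whose signatures were already verified.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"sort"
)

type roleSet struct{ Roles []string }

// User is a hypothetical merged identity, not the project's own type.
type User struct {
	Sub, Email, Name string
	Roles            []string
}

// mergeClaims takes the JSON payloads of an ID token and an access token.
// Assumption: both signatures were already verified by a JWT library.
func mergeClaims(idPayload, accessPayload []byte) (User, error) {
	var id struct{ Sub, Email, Name string }
	var acc struct {
		Sub            string
		RealmAccess    roleSet            `json:"realm_access"`
		ResourceAccess map[string]roleSet `json:"resource_access"`
	}
	if err := errors.Join(json.Unmarshal(idPayload, &id), json.Unmarshal(accessPayload, &acc)); err != nil {
		return User{}, err
	}
	// Added check: never attach one subject's roles to another subject's profile.
	if id.Sub == "" || id.Sub != acc.Sub {
		return User{}, errors.New("sub mismatch between ID and access token")
	}
	roles := append([]string{}, acc.RealmAccess.Roles...) // realm-wide roles
	for client, rs := range acc.ResourceAccess {          // per-client roles
		for _, r := range rs.Roles {
			roles = append(roles, client+":"+r)
		}
	}
	sort.Strings(roles) // map order is random; sort for stable persona mapping
	return User{id.Sub, id.Email, id.Name, roles}, nil
}

func main() {
	// Constructed sample payloads, not captured from a real Keycloak realm.
	id := []byte(`{"sub":"u1","email":"a@example.test","name":"A"}`)
	acc := []byte(`{"sub":"u1","realm_access":{"roles":["analyst"]},"resource_access":{"mcp":{"roles":["admin"]}}}`)
	fmt.Println(mergeClaims(id, acc))
}
```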
Keycloak "Already Logged In" Workaround
Added prompt=none parameter to upstream auth URL with automatic fallback. This addresses Keycloak's long-standing bug where it shows "You are already logged in" instead of completing the OAuth flow.
- First attempt uses prompt=none (silent auth if already logged in)
- If user not logged in, Keycloak returns login_required error
- Server automatically retries without prompt=none to show login page
OAuth Path Compatibility (from v0.4.1)
Includes OAuth path fix for Claude Desktop compatibility (/authorize without /oauth prefix).
Upgrade Notes
No breaking changes. Users with Keycloak integration should now see their roles properly mapped to personas.
Full Changelog
- Fix role extraction from Keycloak access token
- Add prompt=none workaround for Keycloak "already logged in" bug
- OAuth path compatibility for Claude Desktop
Installation
Homebrew (macOS)
brew install txn2/tap/mcp-data-platform
Claude Code CLI
claude mcp add mcp-data-platform -- mcp-data-platform
Docker
docker pull ghcr.io/txn2/mcp-data-platform:v0.4.3
Verification
All release artifacts are signed with Cosign. Verify with:
cosign verify-blob --bundle mcp-data-platform_0.4.3_linux_amd64.tar.gz.sigstore.json \
mcp-data-platform_0.4.3_linux_amd64.tar.gz