Description
Is your feature request related to a problem? Please describe.
The MCP Rust SDK currently supports OAuth 2.0 for authentication, but it does not include OpenID Connect (OIDC) support. OIDC is widely used in modern systems for identity federation, retrieving user profile claims, and integrating with identity providers (e.g., Google, Microsoft) that require OIDC. Adding OIDC support would help improve flexibility and broaden the use cases for the SDK.
Additionally, OpenID Connect support is needed for supporting SEP-990, which introduces enterprise IdP policy controls and advanced OAuth flows like RFC 8693 Token Exchange and RFC 7523 JWT Bearer. Adding OIDC would ensure the SDK is fully prepared for enterprise adoption and integrates seamlessly with modern IdPs.
Describe the solution you'd like
It would be great to see full OpenID Connect support added alongside OAuth 2.0. This could include:
- Support for OIDC discovery endpoints for dynamic configuration.
- Parsing and validation of `id_token` as per OIDC specifications.
- JWKS key fetching and secure verification for ID tokens.
- Handling additional claims and attributes provided by OIDC tokens.
- Comprehensive documentation for integrating with major identity providers like Microsoft Azure AD, Google, and Okta.
Describe alternatives you've considered
- Continuing with OAuth 2.0 alone, but this limits integration with systems that rely on OIDC for additional identity federation and claim support.
- Using external OIDC libraries to work around the limitation, but this increases complexity for developers and leads to inconsistency.
Additional context
- The TypeScript SDK already includes OIDC support in its authentication layer. Reviewing its implementation here could serve as a helpful reference.
- Adding OIDC support directly aligns with the goals of SEP-990, which focuses on enhanced enterprise IdP integration: