mirror of
https://github.com/langgenius/dify.git
synced 2026-07-15 01:17:04 +08:00
Forward the calling workspace user's SSO identity to MCP servers, gated
on enterprise. A single `identity_mode` enum on tool_mcp_providers drives
it ("off" | "idp_token"); when enabled and ENTERPRISE_ENABLED, the
workflow runtime mints a per-user token via the enterprise inner API and
stamps it on the outbound request as `X-Dify-SSO-Access-Token` (a custom
header, so workspace-scoped Authorization credentials are untouched).
Key points (incorporating #36839 review):
- identity_mode enum only (dropped the redundant forward_user_identity bool)
- forwarded token rides X-Dify-SSO-Access-Token, not Authorization
- gated on dify_config.ENTERPRISE_ENABLED at both the API surface
(controller resolves "unchanged" + coerces non-EE to off) and runtime
(_forwarding_requested); fail-closed when user context is missing
- Alembic migration adds identity_mode, chained onto the human-input
upload head (single migration head)
This is a clean rebuild of the branch onto current main: the previous
history had main commits duplicated into it by an earlier merge+rebase,
which polluted the PR diff. Content is unchanged and verified — single
migration head, 87 MCP unit tests pass.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>