Summary
When an HTTP MCP server uses `auth: { type: github-oidc }`, the MCP gateway correctly attempts to mint GitHub OIDC tokens via `ACTIONS_ID_TOKEN_REQUEST_URL` (together with `ACTIONS_ID_TOKEN_REQUEST_TOKEN`). However, the gh-aw compiler (`mcp_setup_generator.go`) does not include these two environment variables in the explicit `-e` list on the `docker run` command that starts the gateway container. This causes the gateway to fail at startup with:

```
[ERROR] Server "my-server" requires OIDC authentication but ACTIONS_ID_TOKEN_REQUEST_URL is not set.
OIDC auth is only available when running in GitHub Actions with `permissions: { id-token: write }`.
```
The workflow correctly declares `permissions: { id-token: write }`, and GitHub Actions does set `ACTIONS_ID_TOKEN_REQUEST_URL` and `ACTIONS_ID_TOKEN_REQUEST_TOKEN` on the runner. But because the gateway runs inside a Docker container with an explicit allowlist of `-e` variables, these two are never forwarded.
Observed behavior
- Gateway spec (§7.6.1) says: "On startup, the gateway checks for `ACTIONS_ID_TOKEN_REQUEST_URL`. If set, an OIDC provider is initialized." and "If a server has `auth.type: 'github-oidc'` but the OIDC env vars are missing, the gateway MUST log an error."
- Gateway behavior: follows the spec correctly — logs the error and marks the server as `"status":"error"`.
- Compiler behavior: the `docker run` command built by `mcp_setup_generator.go` has ~40 explicit `-e VAR` entries but does not include `ACTIONS_ID_TOKEN_REQUEST_URL` or `ACTIONS_ID_TOKEN_REQUEST_TOKEN`. The `standardEnvVars` dedup list (used for `mcpEnvVars`) also omits them.
- The `collectMCPEnvironmentVariables` function in `mcp_environment.go` handles HTTP header secrets, safe-outputs, mcp-scripts, and GitHub MCP tokens — but has no code path for `github-oidc` auth.
Reproduction
- Create a workflow with an HTTP MCP server using `auth: { type: github-oidc }`:

  ```yaml
  permissions:
    id-token: write
  mcp-servers:
    my-server:
      type: http
      url: "https://my-server.example.com/mcp/"
      auth:
        type: github-oidc
        audience: "https://my-server.example.com"
  ```

- Compile and run the workflow.

- The "Start MCP Gateway" step generates a `docker run` command with many explicit `-e` flags, but `ACTIONS_ID_TOKEN_REQUEST_URL` and `ACTIONS_ID_TOKEN_REQUEST_TOKEN` are not among them:

  ```shell
  docker run -i --rm --network host \
    -e MCP_GATEWAY_PORT -e MCP_GATEWAY_DOMAIN -e MCP_GATEWAY_API_KEY \
    ... (many vars) ...
    -e GITHUB_WORKFLOW_REF -e GITHUB_WORKFLOW_SHA \
    -e GITHUB_REF -e GITHUB_REF_NAME -e GITHUB_REF_TYPE \
    -e GITHUB_HEAD_REF -e GITHUB_BASE_REF \
    -e GH_AW_SAFE_OUTPUTS_PORT -e GH_AW_SAFE_OUTPUTS_API_KEY \
    ... ghcr.io/github/gh-aw-mcpg:<version>
  ```

- Gateway logs the error and the server shows `"status":"error"` in the health check:

  ```json
  {"status":"unhealthy","servers":{"my-server":{"status":"error","uptime":0}}}
  ```
Proposed fix
In `mcp_setup_generator.go`, conditionally add the two OIDC env vars to the gateway container when any HTTP MCP server uses `auth.type: "github-oidc"`:

```go
// GitHub Actions OIDC env vars — required by the gateway to mint tokens
// for servers with auth.type: "github-oidc" (spec §7.6.1)
if hasGitHubOIDCAuth {
	containerCmd.WriteString(" -e ACTIONS_ID_TOKEN_REQUEST_URL")
	containerCmd.WriteString(" -e ACTIONS_ID_TOKEN_REQUEST_TOKEN")
}
```

Also add them to the `standardEnvVars` dedup list to prevent duplicate `-e` flags.
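The following is an added, self-contained model of the proposed fix, not code from gh-aw: it derives the `hasGitHubOIDCAuth` flag from the server list and builds the `-e` allowlist so the OIDC pair is forwarded only when an HTTP server needs it and is never emitted twice. `MCPServer`, `baseEnvVars` and `buildGatewayEnvFlags` are assumed names, and a seen-set stands in for the compiler's `standardEnvVars` dedup list.

```go
package main

import "strings"

// MCPServer is an assumed stand-in (not gh-aw's own type) for one mcp-servers entry.
type MCPServer struct {
	Type     string // "http", "stdio", ...
	AuthType string // "github-oidc", or "" when the server has no auth block
}

// baseEnvVars abridges the ~40 variables the compiler already forwards explicitly.
var baseEnvVars = []string{"MCP_GATEWAY_PORT", "MCP_GATEWAY_DOMAIN", "MCP_GATEWAY_API_KEY"}

// hasGitHubOIDCAuth reports whether any HTTP server needs the gateway to mint OIDC tokens.
func hasGitHubOIDCAuth(servers []MCPServer) bool {
	for _, s := range servers {
		if s.Type == "http" && s.AuthType == "github-oidc" {
			return true
		}
	}
	return false
}

// buildGatewayEnvFlags builds the docker run prefix: base vars, then the OIDC pair
// only when some server needs it, then server-specific mcpEnvVars. A seen-set
// stands in for the compiler's standardEnvVars dedup list so no -e flag repeats.
func buildGatewayEnvFlags(servers []MCPServer, mcpEnvVars []string) string {
	var cmd strings.Builder
	cmd.WriteString("docker run -i --rm --network host")
	seen := map[string]bool{}
	add := func(v string) {
		if !seen[v] {
			seen[v] = true
			cmd.WriteString(" -e " + v)
		}
	}
	for _, v := range baseEnvVars {
		add(v)
	}
	if hasGitHubOIDCAuth(servers) {
		// Forward the GitHub Actions OIDC pair so the gateway can mint tokens (spec §7.6.1).
		add("ACTIONS_ID_TOKEN_REQUEST_URL")
		add("ACTIONS_ID_TOKEN_REQUEST_TOKEN")
	}
	for _, v := range mcpEnvVars {
		add(v) // a server that also lists an OIDC var does not produce a duplicate flag
	}
	return cmd.String()
}
```

A workflow without any `github-oidc` server keeps the current allowlist unchanged, so the runner's OIDC request token is not exposed to the container unless a server actually needs it.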
References
- `pkg/workflow/mcp_setup_generator.go` (lines ~620–740)
- `pkg/workflow/mcp_environment.go` (`collectMCPEnvironmentVariables`)