www-authenticate0.1.0

Inject the WWW-Authenticate header on 401 responses

WWW-Authenticate extension

This is a very simple hook extension for the Grafbase Gateway that inserts the WWW-Authenticate header into all responses with status code Unauthorized (401).

The WWW-Authenticate header is used to provide information on the authentication process to clients after a failed request. It is a general HTTP concept, and notably useful if you want to make the Gateway act as an OAuth 2.1 protected resource, for example when exposing a Model Context Protocol (MCP) server.

Usage

Add this to your configuration:


[extensions]
www-authenticate.version = "0.1"

[extensions.www-authenticate.config]
www_authenticate_header_value = """Bearer resource_metadata="https://api.grafbase.com/.well-known/oauth-protected-resource""""

The value of www_authenticate_header_value will be used as the value of the WWW-Authenticate header in all responses with status code Unauthorized (401).

Apache-2.0

15 Jul, 2025

Julius de Bruijn

InstallAdd this to your TOML configuration file:

[extensions] www-authenticate = "0.1.0"

github.com/grafbase/extensions/tree/main/extensions/www-authenticate

More extensions

kafka0.2.0

Map Kafka endpoints to GraphQL fields. Supports publishing and consuming...

grpc0.2.0

Integrate the Grafbase Gateway with your gRPC services declaratively.

nats0.5.0

Map NATS endpoints to GraphQL fields. Supports regular and JetStream...