One time auth for gateway

[kevalmahajan]

✨ Feature / Enhancement PR

🔗 Epic / Issue

Closes #1387

---

🚀 Summary (1-2 sentences)

Added a one-time authentication configuration for adding MCP servers to the gateway. This feature allows users to access MCP servers via the gateway without storing credentials in the database. Instead of saving the credentials, users must configure them through passthrough headers.

This feature is helpful for someone who does not want to store the credentials in the gateway or cannot use vault plugin but still want to access the server via gateway through passthrough headers.

Key Changes:

• Introduced a one-time authentication checkbox when adding an MCP server.
• When selected, credentials are not stored in the database and must be passed through headers (X-Upstream-Authorization for Authorization headers).

Testing Steps:

1. Create or use an MCP server that requires authentication.
2. Add the MCP server in the gateway, select the one-time authentication checkbox, and configure passthrough headers for authentication.
3. Create a virtual server that connects to the MCP server, providing the necessary authentication headers.
4. Verify that the credentials are not stored in the database, and that the virtual server can connect to the MCP server using the configured passthrough headers.
5. Ensure that the connection and tool calls work as expected.

---

🧪 Checks

• make lint passes
• make test passes
• CHANGELOG updated (if user-facing)

---

📓 Notes (optional)

graph LR
    A[User] --> B["Add MCP Server"]
    B --> C{"Enable One-Time Authentication?"}
    C -->|Yes| D["Do Not Store Credentials in DB"]
    C -->|No| E["Store Credentials in DB"]
    D --> F["Configure Passthrough Headers (X-Upstream-Authorization)"]
    F --> G["Create Virtual Server"]
    G --> H["Link to MCP Server"]
    H --> I["Add Authentication Headers"]
    I --> J["Test Connection"]
    J --> K["Successful Authentication"]
    E --> L["Create Virtual Server with Stored Credentials"]

    %% Define styling for steps (Dark mode colors)
    classDef step fill:#1e1e1e,stroke:#ffffff,stroke-width:2px,color:#f5f5f5;
    class A,B,C,D,E,F,G,H,I,J,K,L step;

Loading

[rakdutta]

Testing Summary:
Verified and working as expected in the following scenarios:

• MCP with SSE transport — tested using both Bearer and Basic authentication.
• MCP with Streamable transport — tested using both Bearer and Basic authentication.
  Tool testing is successful from both the Admin UI and the MCP Inspector (via Streamable transport on the virtual server).

[crivetimihai]

Please add documentation in docs/docs for this feature, including an adr.