From 364c5020b42d03d6b7bf133d0782bb5de1482ebe Mon Sep 17 00:00:00 2001
From: Roman Perekhod <2403905@gmail.com>
Date: Mon, 11 May 2026 13:16:04 +0200
Subject: [PATCH] feat: [OCISDEV-533] DRY AppendMFAToOutgoingContext

---
 pkg/ctx/mfactx.go | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/pkg/ctx/mfactx.go b/pkg/ctx/mfactx.go
index 0de2cc8986..a0d5f58e7c 100644
--- a/pkg/ctx/mfactx.go
+++ b/pkg/ctx/mfactx.go
@@ -1,5 +1,11 @@
 package ctx
 
+import (
+	"context"
+
+	"google.golang.org/grpc/metadata"
+)
+
 // MFAOutgoingHeader is the gRPC metadata key used to propagate MFA status across
 // service boundaries. The "autoprop-" prefix causes the metadata interceptor
 // (internal/grpc/interceptors/metadata) to forward it automatically at every
@@ -9,3 +15,12 @@ const MFAOutgoingHeader = "autoprop-mfa-authenticated"
 
 // The corresponding HTTP header set by the proxy is "X-Multi-Factor-Authentication".
 const MFAHeader = "X-Multi-Factor-Authentication"
+
+// AppendMFAToOutgoingContext adds the MFA status to the outgoing gRPC metadata.
+func AppendMFAToOutgoingContext(ctx context.Context, hasMFA bool) context.Context {
+	mfaVal := "false"
+	if hasMFA {
+		mfaVal = "true"
+	}
+	return metadata.AppendToOutgoingContext(ctx, MFAOutgoingHeader, mfaVal)
+}