Open

Labels: P3 (Nice to haves, rare edge cases), PR welcome (PRs for this issue are welcome and will be reviewed by maintainers), feature request (Request for a new feature that's not currently supported), good first issue (Good for newcomers), ready for work (Enough information for someone to start working on)
Description
I'm proposing to add `subject` to `AccessToken` in `mcp/server/auth/provider.py`, which can be used to store the `sub` JWT claim that usually corresponds to the user ID:

```python
from pydantic import BaseModel


class AccessToken(BaseModel):
    token: str
    client_id: str
    scopes: list[str]
    expires_at: int | None = None
    resource: str | None = None  # RFC 8707 resource indicator
    # Proposed:
    subject: str | None = None  # Subject (user ID), taken from the JWT "sub" claim
```
Then we can implement a token verifier as follows:
```python
class MyTokenVerifier:
    async def verify_token(self, token: str) -> AccessToken | None:
        try:
            # decode_and_validate_jwt stands for the JWT library call that
            # checks the signature and expiry and returns the claims
            token_claims = decode_and_validate_jwt(token)
        except Exception:  # whatever the JWT library raises for a bad token
            return None  # None tells the auth middleware to reject the request
        return AccessToken(
            token=token,
            # ... remaining fields (client_id, scopes, expires_at, resource)
            subject=token_claims["sub"],
        )
```
and directly retrieve the user ID from the auth token in the context:
```python
from mcp.server.auth.middleware.auth_context import get_access_token

user_id = get_access_token().subject
```
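The verifier sketched in the issue, carried through as a complete, added example (it is not code from the issue or from the MCP SDK). It assumes an HS256 token signed with a shared secret, an `aud` claim that must match this server's resource URL, and `client_id` and space-separated `scope` claims in the token; `decode_and_validate_jwt` is written out with the standard library only, a dataclass stands in for the pydantic model, and `mint_hs256_jwt` exists solely to construct sample tokens. The point it adds beyond the sketch is what has to be checked before `sub` is trusted as a user ID: the algorithm is pinned server-side rather than read from the token, the signature is compared in constant time, and expiry, audience and the presence of `sub` are all required.

```python
from __future__ import annotations

import asyncio
import base64
import hashlib
import hmac
import json
import time
from dataclasses import dataclass


@dataclass
class AccessToken:
    """Mirror of the proposed model; a dataclass replaces pydantic's BaseModel
    so this example runs with the standard library alone."""
    token: str
    client_id: str
    scopes: list[str]
    expires_at: int | None = None
    resource: str | None = None
    subject: str | None = None  # proposed field: the JWT "sub" claim


class JwtValidationError(Exception):
    """Any reason the token must not be trusted."""


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_hs256_jwt(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """Build an HMAC-signed JWT; used here only to construct sample tokens."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def decode_and_validate_jwt(token: str, secret: bytes, audience: str,
                            now: int | None = None) -> dict:
    """Check structure, pinned algorithm, signature, expiry, audience and the
    presence of 'sub'; return the claims only if every check passes."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError as exc:  # base64, JSON and tuple-unpack errors
        raise JwtValidationError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise JwtValidationError("malformed token")
    # The server decides the algorithm; the token never gets to choose it,
    # which rules out "alg": "none" and key-confusion tokens.
    if header.get("alg") != "HS256":
        raise JwtValidationError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise JwtValidationError("bad signature")
    now = int(time.time()) if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        raise JwtValidationError("expired or missing exp")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise JwtValidationError("audience mismatch")
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise JwtValidationError("missing sub")
    return claims


class SubjectAwareTokenVerifier:
    """Same shape as the issue's verifier: verify_token -> AccessToken | None."""

    def __init__(self, secret: bytes, audience: str, now: int | None = None):
        self._secret = secret
        self._audience = audience  # this server's RFC 8707 resource URL
        self._now = now  # injectable clock so tests are deterministic

    async def verify_token(self, token: str) -> AccessToken | None:
        try:
            claims = decode_and_validate_jwt(token, self._secret,
                                             self._audience, self._now)
        except JwtValidationError:
            return None  # None makes the auth middleware reject the request
        return AccessToken(
            token=token,
            client_id=str(claims.get("client_id", "")),  # assumed claim name
            scopes=str(claims.get("scope", "")).split(),  # assumed space-separated
            expires_at=claims["exp"],
            resource=self._audience,
            subject=claims["sub"],  # the user ID the issue wants exposed
        )


def verify_token_sync(verifier: SubjectAwareTokenVerifier, token: str) -> AccessToken | None:
    """Synchronous wrapper so the async verifier can be driven from plain code."""
    return asyncio.run(verifier.verify_token(token))
```

With a verifier built as `SubjectAwareTokenVerifier(secret, "https://mcp.example/")`, a token carrying `{"sub": "user-42", "aud": "https://mcp.example/", "exp": ...}` comes back as an `AccessToken` whose `subject` is `"user-42"`, while an expired token, a token signed with another key, a token for a different audience, or one whose header says `"alg": "none"` all come back as `None`, so `get_access_token().subject` in a handler is only ever populated from a token that passed every check.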