feat(api): expose authorizationToken as valid auth mechanism

stainless-app[bot] · stainless-app[bot] · commit cbd38d5cf189 · 2025-08-05T18:22:30.000Z
diff --git a/.stats.yml b/.stats.yml
@@ -1,4 +1,4 @@
 configured_endpoints: 107
 openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/mux%2Fmux-ba7ebfd893a1c5d082d55cddaec2ff9219072c9abd96442357aad1748e421483.yml
 openapi_spec_hash: 94fd98fcb8414d6c70a6ad7593ffcfa4
-config_hash: f2bc8e7dd9a1bcf7aa124d84e6172d06
+config_hash: 06e26125693367671f74a6d70d1f3333
diff --git a/packages/mcp-server/README.md b/packages/mcp-server/README.md
@@ -2,6 +2,7 @@
 
 ## Installation
 
+
 ### Via MCP Client
 
 There is a partial list of existing clients at [modelcontextprotocol.io](https://modelcontextprotocol.io/clients). If you already
@@ -20,7 +21,8 @@ For clients with a configuration JSON, it might look something like this:
         "MUX_TOKEN_SECRET": "my secret",
         "MUX_WEBHOOK_SECRET": "My Webhook Secret",
         "MUX_SIGNING_KEY": "My Jwt Signing Key",
-        "MUX_PRIVATE_KEY": "My Jwt Private Key"
+        "MUX_PRIVATE_KEY": "My Jwt Private Key",
+        "MUX_AUTHORIZATION_TOKEN": "my authorization token"
       }
     }
   }
diff --git a/packages/mcp-server/cloudflare-worker/src/index.ts b/packages/mcp-server/cloudflare-worker/src/index.ts
@@ -20,17 +20,17 @@ const serverConfig: ServerConfig = {
       key: 'tokenId',
       label: 'Token ID',
       description: '',
-      required: true,
-      default: undefined,
+      required: false,
+      default: null,
       placeholder: 'my token id',
       type: 'password',
     },
     {
       key: 'tokenSecret',
       label: 'Token Secret',
       description: '',
-      required: true,
-      default: undefined,
+      required: false,
+      default: null,
       placeholder: 'my secret',
       type: 'password',
     },
@@ -61,6 +61,15 @@ const serverConfig: ServerConfig = {
       placeholder: 'My Jwt Private Key',
       type: 'string',
     },
+    {
+      key: 'authorizationToken',
+      label: 'Authorization Token',
+      description: '',
+      required: false,
+      default: null,
+      placeholder: 'my authorization token',
+      type: 'password',
+    },
   ],
 };
 
diff --git a/packages/mcp-server/src/headers.ts b/packages/mcp-server/src/headers.ts
@@ -15,6 +15,8 @@ export const parseAuthHeaders = (req: IncomingMessage): Partial<ClientOptions> =
           tokenId: rawValue.slice(0, rawValue.search(':')),
           tokenSecret: rawValue.slice(rawValue.search(':') + 1),
         };
+      case 'Bearer':
+        return { authorizationToken: req.headers.authorization.slice('Bearer '.length) };
       default:
         throw new Error(`Unsupported authorization scheme`);
     }
@@ -28,5 +30,9 @@ export const parseAuthHeaders = (req: IncomingMessage): Partial<ClientOptions> =
     req.headers['x-mux-token-secret'] instanceof Array ?
       req.headers['x-mux-token-secret'][0]
     : req.headers['x-mux-token-secret'];
-  return { tokenId, tokenSecret };
+  const authorizationToken =
+    req.headers['x-mux-authorization-token'] instanceof Array ?
+      req.headers['x-mux-authorization-token'][0]
+    : req.headers['x-mux-authorization-token'];
+  return { tokenId, tokenSecret, authorizationToken };
 };
diff --git a/src/index.ts b/src/index.ts
@@ -22,12 +22,12 @@ export interface ClientOptions {
   /**
    * Defaults to process.env['MUX_TOKEN_ID'].
    */
-  tokenId?: string | undefined;
+  tokenId?: string | null | undefined;
 
   /**
    * Defaults to process.env['MUX_TOKEN_SECRET'].
    */
-  tokenSecret?: string | undefined;
+  tokenSecret?: string | null | undefined;
 
   /**
    * Defaults to process.env['MUX_WEBHOOK_SECRET'].
@@ -44,6 +44,11 @@ export interface ClientOptions {
    */
   jwtPrivateKey?: string | null | undefined;
 
+  /**
+   * Defaults to process.env['MUX_AUTHORIZATION_TOKEN'].
+   */
+  authorizationToken?: string | null | undefined;
+
   /**
    * Override the default base URL for the API, e.g., "https://api.example.com/v2/"
    *
@@ -107,22 +112,24 @@ export interface ClientOptions {
  * API Client for interfacing with the Mux API.
  */
 export class Mux extends Core.APIClient {
-  tokenId: string;
-  tokenSecret: string;
+  tokenId: string | null;
+  tokenSecret: string | null;
   webhookSecret: string | null;
   jwtSigningKey: string | null;
   jwtPrivateKey: string | null;
+  authorizationToken: string | null;
 
   private _options: ClientOptions;
 
   /**
    * API Client for interfacing with the Mux API.
    *
-   * @param {string | undefined} [opts.tokenId=process.env['MUX_TOKEN_ID'] ?? undefined]
-   * @param {string | undefined} [opts.tokenSecret=process.env['MUX_TOKEN_SECRET'] ?? undefined]
+   * @param {string | null | undefined} [opts.tokenId=process.env['MUX_TOKEN_ID'] ?? null]
+   * @param {string | null | undefined} [opts.tokenSecret=process.env['MUX_TOKEN_SECRET'] ?? null]
    * @param {string | null | undefined} [opts.webhookSecret=process.env['MUX_WEBHOOK_SECRET'] ?? null]
    * @param {string | null | undefined} [opts.jwtSigningKey=process.env['MUX_SIGNING_KEY'] ?? null]
    * @param {string | null | undefined} [opts.jwtPrivateKey=process.env['MUX_PRIVATE_KEY'] ?? null]
+   * @param {string | null | undefined} [opts.authorizationToken=process.env['MUX_AUTHORIZATION_TOKEN'] ?? null]
    * @param {string} [opts.baseURL=process.env['MUX_BASE_URL'] ?? https://api.mux.com] - Override the default base URL for the API.
    * @param {number} [opts.timeout=1 minute] - The maximum amount of time (in milliseconds) the client will wait for a response before timing out.
    * @param {number} [opts.httpAgent] - An HTTP agent used to manage HTTP(s) connections.
@@ -133,30 +140,21 @@ export class Mux extends Core.APIClient {
    */
   constructor({
     baseURL = Core.readEnv('MUX_BASE_URL'),
-    tokenId = Core.readEnv('MUX_TOKEN_ID'),
-    tokenSecret = Core.readEnv('MUX_TOKEN_SECRET'),
+    tokenId = Core.readEnv('MUX_TOKEN_ID') ?? null,
+    tokenSecret = Core.readEnv('MUX_TOKEN_SECRET') ?? null,
     webhookSecret = Core.readEnv('MUX_WEBHOOK_SECRET') ?? null,
     jwtSigningKey = Core.readEnv('MUX_SIGNING_KEY') ?? null,
     jwtPrivateKey = Core.readEnv('MUX_PRIVATE_KEY') ?? null,
+    authorizationToken = Core.readEnv('MUX_AUTHORIZATION_TOKEN') ?? null,
     ...opts
   }: ClientOptions = {}) {
-    if (tokenId === undefined) {
-      throw new Errors.MuxError(
-        "The MUX_TOKEN_ID environment variable is missing or empty; either provide it, or instantiate the Mux client with an tokenId option, like new Mux({ tokenId: 'my token id' }).",
-      );
-    }
-    if (tokenSecret === undefined) {
-      throw new Errors.MuxError(
-        "The MUX_TOKEN_SECRET environment variable is missing or empty; either provide it, or instantiate the Mux client with an tokenSecret option, like new Mux({ tokenSecret: 'my secret' }).",
-      );
-    }
-
     const options: ClientOptions = {
       tokenId,
       tokenSecret,
       webhookSecret,
       jwtSigningKey,
       jwtPrivateKey,
+      authorizationToken,
       ...opts,
       baseURL: baseURL || `https://api.mux.com`,
     };
@@ -177,6 +175,7 @@ export class Mux extends Core.APIClient {
     this.webhookSecret = webhookSecret;
     this.jwtSigningKey = jwtSigningKey;
     this.jwtPrivateKey = jwtPrivateKey;
+    this.authorizationToken = authorizationToken;
   }
 
   video: API.Video = new API.Video(this);
@@ -203,7 +202,34 @@ export class Mux extends Core.APIClient {
     };
   }
 
+  protected override validateHeaders(headers: Core.Headers, customHeaders: Core.Headers) {
+    if (this.tokenId && this.tokenSecret && headers['authorization']) {
+      return;
+    }
+    if (customHeaders['authorization'] === null) {
+      return;
+    }
+
+    if (this.authorizationToken && headers['authorization']) {
+      return;
+    }
+    if (customHeaders['authorization'] === null) {
+      return;
+    }
+
+    throw new Error(
+      'Could not resolve authentication method. Expected either tokenId, tokenSecret or authorizationToken to be set. Or for one of the "Authorization" or "Authorization" headers to be explicitly omitted',
+    );
+  }
+
   protected override authHeaders(opts: Core.FinalRequestOptions): Core.Headers {
+    return {
+      ...this.accessTokenAuth(opts),
+      ...this.authorizationTokenAuth(opts),
+    };
+  }
+
+  protected accessTokenAuth(opts: Core.FinalRequestOptions): Core.Headers {
     if (!this.tokenId) {
       return {};
     }
@@ -217,6 +243,13 @@ export class Mux extends Core.APIClient {
     return { Authorization };
   }
 
+  protected authorizationTokenAuth(opts: Core.FinalRequestOptions): Core.Headers {
+    if (this.authorizationToken == null) {
+      return {};
+    }
+    return { Authorization: `Bearer ${this.authorizationToken}` };
+  }
+
   protected override stringifyQuery(query: Record<string, unknown>): string {
     return qs.stringify(query, { arrayFormat: 'brackets' });
   }

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@`
`2`	`2`
`3`	`3`	`## Installation`
`4`	`4`
	`5`	`+`
`5`	`6`	`### Via MCP Client`
`6`	`7`
`7`	`8`	`There is a partial list of existing clients at [modelcontextprotocol.io](https://modelcontextprotocol.io/clients). If you already`
`@@ -20,7 +21,8 @@ For clients with a configuration JSON, it might look something like this:`
`20`	`21`	`"MUX_TOKEN_SECRET": "my secret",`
`21`	`22`	`"MUX_WEBHOOK_SECRET": "My Webhook Secret",`
`22`	`23`	`"MUX_SIGNING_KEY": "My Jwt Signing Key",`
`23`		`- "MUX_PRIVATE_KEY": "My Jwt Private Key"`
	`24`	`+ "MUX_PRIVATE_KEY": "My Jwt Private Key",`
	`25`	`+ "MUX_AUTHORIZATION_TOKEN": "my authorization token"`
`24`	`26`	`}`
`25`	`27`	`}`
`26`	`28`	`}`