Feature Request: Authentication middleware for dynamic tool access control

[RasmusGodske]

Great stuff! I have been looking at your package from the sidelines, as I really want to add MCP capabilities to our platform.

The thing that is holding me back for now is that I can't quite see how to make it work in a multi-tenancy scenario. We need to be able to control what tools are available based on tenant-specific API keys, and ideally have an authentication layer that lets us:

1. Intercept requests before they reach the tools
2. Authenticate tenants via their own generated API keys
3. Dynamically determine which tools each tenant has access to

I've browsed through some of the code and it looks really promising! However, I haven't been able to spot where I could hook into the request lifecycle to add this authentication layer.

Are there any plans to support custom authentication middleware or request interceptors? Or perhaps there's already a way to achieve this that I'm missing? Our use case is that each of our customers (tenants) would generate their own API key and then depending on the scopes of the API Key, expose a set of tools available for it to use.

[jskorlol]

Regarding this part, it seems necessary to implement the existing auth protocol as a foundation.
However, I haven’t yet fully considered how to handle permission separation.
As I proceed with adding the authentication feature, I’ll make sure to take your feedback and requirements into account and aim to include the necessary functionality.

Thank you for your interest in the package.