Add optional Authorization header token-based authentication when serving mcp via SSE #58
Conversation
|
Thanks, I've removed the leftover debugging lines. |
Codecov Report❌ Patch coverage is
@@ Coverage Diff @@
## main #58 +/- ##
==========================================
- Coverage 96.75% 93.81% -2.95%
==========================================
Files 4 4
Lines 370 388 +18
Branches 8 12 +4
==========================================
+ Hits 358 364 +6
- Misses 11 22 +11
- Partials 1 2 +1
Continue to review full report in Codecov by Sentry.
🚀 New features to boost your workflow:
|
|
You may find the following two commands useful to fix the broken CI: |
|
@Red5d can you also add some unit tests? |
| sse_server_group.add_argument( | ||
| "--auth-token", | ||
| default=None, | ||
| help="Authentication token for the SSE server. Default is no authentication.", |
There was a problem hiding this comment.
There are a couple of existing conventions either the API_ACCESS_TOKEN env var or --headers and I believe these for going in the opposite direction. It might be helpful to explicitly clarify here the difference (e.g. explicitly state this is adding authentication to the proxy itself, and not passed to the downstream SSE server like the others. (Either clarifying those or this one or both)
Also suggest updating README.md
There was a problem hiding this comment.
This is adding header-based authentication to the proxy, yes. Specifying the expected "Bearer" value for the "Authorization" header. I'm certainly willing to change the naming or something if that would be better though.
To test that providing the Authorization header token value actually prevents access without it? Would that be done in here?: https://github.com/sparfenyuk/mcp-proxy/blob/main/tests/test_sse_server.py |
Add an optional AuthenticationMiddleware backend that can check for an Authorization header value from clients connecting when serving an mcp server via SSE.