feat: Allow setting Authorization header from tool arguments #144
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #143
Description:
This PR enhances the
_execute_api_tool
method infastapi_mcp/server.py
to provide more flexibility for authenticating internal tool calls.Problem:
Currently,
_execute_api_tool
primarily looks for anAuthorization
header inhttp_request_info.headers
. This works well for external clients. However, for internal MCP clients (e.g., a backend service calling a tool viaMCPClientSession
), it's often more convenient to pass authentication tokens through thearguments
of thecall_tool
request rather than reconstructing HTTP headers. If the token is passed only in the arguments, the tool execution would fail if the tool endpoint is protected.Solution:
This change modifies
_execute_api_tool
to check thearguments
dictionary for auser_access_token
key if anAuthorization
header is not already present inhttp_request_info.headers
or already set.If
user_access_token
is found in thearguments
:Bearer
token.Bearer
token is set as theAuthorization
header for thehttpx.AsyncClient
request made to the tool's endpoint.user_access_token
is removed from thearguments
dictionary to prevent it from being unintentionally passed in the request body.This approach maintains the priority of an explicitly passed
Authorization
header if one exists. It makesfastapi-mcp
more adaptable for internal tool usage patterns where passing authentication details via arguments is preferred.Changes:
fastapi_mcp/server.py
to include logic for extractinguser_access_token
from tool arguments and setting theAuthorization
header.