Skip to content

First Party Support for Authentication (OAuth/APIKey) #70

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
+4,652 −5
Open

First Party Support for Authentication (OAuth/APIKey) #70

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
59075e2
initial implementation for oauth + apikey providers
amithkk Sep 6, 2025
e39acbc
Nicer error handling
amithkk Sep 6, 2025
cb3a9c0
docs
amithkk Sep 6, 2025
366a5a9
Remove sample from python-mcp
amithkk Sep 6, 2025
3426d82
nicer interface for OAuth that avoids unnecessary repetition of param…
amithkk Sep 7, 2025
f51e503
Run format and lint
amithkk Sep 7, 2025
86e532d
have other auth providers also inherit from httpx.Auth, allow passing…
amithkk Sep 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,3 +21,6 @@ notebooks/

# Claude files
**/.claude/settings.local.json

.coverage
coverage.xml
106 changes: 106 additions & 0 deletions docs/auth/api-key.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
# API Key Authentication

API Key authentication allows you to pass in an API Key as a header to the MCP server for authentication

## Basic Usage

```python
from mcpadapt.auth import ApiKeyAuthProvider
from mcpadapt.core import MCPAdapt
from mcpadapt.smolagents_adapter import SmolAgentsAdapter

# Create API Key provider
api_key_provider = ApiKeyAuthProvider(
header_name="X-API-Key",
header_value="your-api-key-here"
)

with MCPAdapt(
serverparams={"url": "https://api.example.com/mcp", "transport": "streamable-http"},
adapter=SmolAgentsAdapter(),
auth_provider=api_key_provider,
) as tools:
print(f"Connected with {len(tools)} tools")
```

## Custom Header Names

Different APIs use different header names for API keys:

```python
from mcpadapt.auth import ApiKeyAuthProvider

# Common API key header variations
providers = [
ApiKeyAuthProvider("X-API-Key", "key123"), # Most common
ApiKeyAuthProvider("Authorization", "key123"), # Simple auth header
ApiKeyAuthProvider("X-Auth-Token", "key123"), # Auth token variant
ApiKeyAuthProvider("X-Custom-Auth", "key123"), # Custom header
]
```

## Environment Variables

Store API keys securely using environment variables:

```python
import os
from mcpadapt.auth import ApiKeyAuthProvider

# Load API key from environment
api_key = os.getenv("MY_API_KEY")
if not api_key:
raise ValueError("MY_API_KEY environment variable is required")

api_key_provider = ApiKeyAuthProvider(
header_name="X-API-Key",
header_value=api_key
)
```

## Multiple APIs with Different Keys

Use different API keys for different MCP servers:

```python
import os
from mcpadapt.auth import ApiKeyAuthProvider
from mcpadapt.core import MCPAdapt
from mcpadapt.smolagents_adapter import SmolAgentsAdapter

# Different API keys for different services
auth_providers = [
ApiKeyAuthProvider("X-API-Key", os.getenv("SERVICE_A_KEY")),
ApiKeyAuthProvider("X-Auth-Token", os.getenv("SERVICE_B_KEY")),
None, # No authentication for third service
]

server_configs = [
{"url": "https://service-a.com/mcp", "transport": "streamable-http"},
{"url": "https://service-b.com/mcp", "transport": "streamable-http"},
{"url": "http://localhost:8000/sse"},
]

with MCPAdapt(
serverparams=server_configs,
adapter=SmolAgentsAdapter(),
auth_provider=auth_providers,
) as tools:
print(f"Connected to {len(server_configs)} servers")
```

## API Key Formats

### Simple API Key

```python
ApiKeyAuthProvider("X-API-Key", "abc123def456")
```
### Base64 Encoded Credentials

```python
import base64

credentials = base64.b64encode(b"username:password").decode()
ApiKeyAuthProvider("Authorization", f"Basic {credentials}")
```
135 changes: 135 additions & 0 deletions docs/auth/bearer-token.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,135 @@
# Bearer Token Authentication

Bearer token authentication uses standard Authorization headers with Bearer tokens for MCP server authentication.

## Basic Usage

```python
from mcpadapt.auth import BearerAuthProvider
from mcpadapt.core import MCPAdapt
from mcpadapt.smolagents_adapter import SmolAgentsAdapter

# Create Bearer token provider
bearer_provider = BearerAuthProvider(token="your-bearer-token")

with MCPAdapt(
serverparams={"url": "https://api.example.com/mcp", "transport": "streamable-http"},
adapter=SmolAgentsAdapter(),
auth_provider=bearer_provider,
) as tools:
print(f"Connected with {len(tools)} tools")
```

## JWT Tokens

Bearer tokens are commonly used with JWT (JSON Web Tokens):

```python
from mcpadapt.auth import BearerAuthProvider

# JWT token example
jwt_token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
bearer_provider = BearerAuthProvider(token=jwt_token)
```

## Environment Variables

Store bearer tokens securely:

```python
import os
from mcpadapt.auth import BearerAuthProvider

# Load token from environment
bearer_token = os.getenv("BEARER_TOKEN")
if not bearer_token:
raise ValueError("BEARER_TOKEN environment variable is required")

bearer_provider = BearerAuthProvider(token=bearer_token)
```

## Multiple Services

Use different bearer tokens for different MCP servers:

```python
import os
from mcpadapt.auth import BearerAuthProvider
from mcpadapt.core import MCPAdapt
from mcpadapt.smolagents_adapter import SmolAgentsAdapter

# Different tokens for different services
auth_providers = [
BearerAuthProvider(os.getenv("SERVICE_A_TOKEN")),
BearerAuthProvider(os.getenv("SERVICE_B_TOKEN")),
None, # No authentication for third service
]

server_configs = [
{"url": "https://service-a.com/mcp", "transport": "streamable-http"},
{"url": "https://service-b.com/mcp", "transport": "streamable-http"},
{"url": "http://localhost:8000/sse"},
]

with MCPAdapt(
serverparams=server_configs,
adapter=SmolAgentsAdapter(),
auth_provider=auth_providers,
) as tools:
print(f"Connected to {len(server_configs)} servers")
```

## Token Formats

Bearer tokens can have different formats:

```python
from mcpadapt.auth import BearerAuthProvider

# Standard JWT
BearerAuthProvider("eyJhbGciOiJIUzI1NiIs...")

# Simple token
BearerAuthProvider("abc123def456ghi789")

# API-specific format
BearerAuthProvider("sk-1234567890abcdef")
```

## Best Practices

### Security
- Never hard-code bearer tokens in source code
- Use environment variables or secure configuration management
- Implement token rotation when possible
- Monitor token expiration and refresh as needed

### Configuration
- Use descriptive environment variable names
- Validate token format before using
- Handle token expiration gracefully
- Log authentication failures for debugging

## Integration Examples

### With Different Frameworks

```python
from mcpadapt.auth import BearerAuthProvider
import os

# Same bearer provider works with all frameworks
bearer_provider = BearerAuthProvider(os.getenv("BEARER_TOKEN"))

# SmolAgents
from mcpadapt.smolagents_adapter import SmolAgentsAdapter
adapter = SmolAgentsAdapter()

# CrewAI
from mcpadapt.crewai_adapter import CrewAIAdapter
adapter = CrewAIAdapter()

# LangChain
from mcpadapt.langchain_adapter import LangChainAdapter
adapter = LangChainAdapter()
```
Loading