Bearer Token Verification Middleware #223

ardaguclu · 2025-08-01T14:19:04Z

ardaguclu
Aug 1, 2025

Pre-submission Checklist

I have checked that this question would not be more appropriate as an issue in a specific repository
I have searched existing discussions and documentation for answers

Question Category

Your Question

Our MCP Server is implemented in Go and we are planning to migrate to this SDK soon. We had to implement all authentication/authorization logic from scratch and I'm wondering there are any plans to provide built-in authentication middlewares that seem to exist in other SDKs?;

As far as I understand, if this is provided, once MCP Server owners define token verification mechanism as suggested in #174 (comment), the rest will be handled by SDK. That would drastically simplify the MCP Server implementations.

ardaguclu · 2025-08-01T14:20:34Z

ardaguclu
Aug 1, 2025
Author

Please let me know if this is appropriate more as an issue.

2 replies

jba Aug 5, 2025
Maintainer

Please do. I was going to do it myself, but then I would be the issue creator.

ardaguclu Aug 6, 2025
Author

Opened #246

jba · 2025-08-04T14:38:21Z

jba
Aug 4, 2025
Maintainer

We do intend to provide this. We are currently designing it.

2 replies

jba Aug 5, 2025
Maintainer

We had to implement all authentication/authorization logic from scratch

It would be very helpful if you could share your implementation.

ardaguclu Aug 6, 2025
Author

We are wiring authorization middleware in https://github.com/containers/kubernetes-mcp-server/blob/94b85990e3654713ce0839e908c3bbd1f043a388/pkg/http/http.go#L30-L43. This is the implementation of middleware https://github.com/containers/kubernetes-mcp-server/blob/94b85990e3654713ce0839e908c3bbd1f043a388/pkg/http/authorization.go#L22.

jba · 2025-08-05T12:00:15Z

jba
Aug 5, 2025
Maintainer

Is there any particular reason this has to be middleware? What if there were a server option that was a token verify function? It would take a bearer token and return authentication info or an error. Our streamable transport could inspect the error and send a response with the appropriate resource URL, or pass on the auth info to request handlers.

1 reply

ardaguclu Aug 6, 2025
Author

That would nicely work too. Thank you for your reply. Besides, I believe that this would be simpler than middleware.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bearer Token Verification Middleware #223

Uh oh!

{{title}}

Uh oh!

Replies: 3 comments 5 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Bearer Token Verification Middleware #223

Uh oh!

ardaguclu Aug 1, 2025

Pre-submission Checklist

Question Category

Your Question

Replies: 3 comments · 5 replies

Uh oh!

ardaguclu Aug 1, 2025 Author

Uh oh!

jba Aug 5, 2025 Maintainer

Uh oh!

ardaguclu Aug 6, 2025 Author

Uh oh!

jba Aug 4, 2025 Maintainer

Uh oh!

jba Aug 5, 2025 Maintainer

Uh oh!

ardaguclu Aug 6, 2025 Author

Uh oh!

jba Aug 5, 2025 Maintainer

Uh oh!

ardaguclu Aug 6, 2025 Author

ardaguclu
Aug 1, 2025

Replies: 3 comments 5 replies

ardaguclu
Aug 1, 2025
Author

jba Aug 5, 2025
Maintainer

ardaguclu Aug 6, 2025
Author

jba
Aug 4, 2025
Maintainer

jba Aug 5, 2025
Maintainer

ardaguclu Aug 6, 2025
Author

jba
Aug 5, 2025
Maintainer

ardaguclu Aug 6, 2025
Author