Skip to content

Add MCP server authentication to inspector#24

Merged
abewheel merged 1 commit intomainfrom
abewheel/inspector-mcp-auth
Mar 25, 2026
Merged

Add MCP server authentication to inspector#24
abewheel merged 1 commit intomainfrom
abewheel/inspector-mcp-auth

Conversation

@abewheel
Copy link
Copy Markdown
Contributor

@abewheel abewheel commented Mar 25, 2026

Summary

  • Adds Bearer token and OAuth authentication support to the inspector sidebar for connecting to authenticated MCP servers.
  • Bearer auth adds an Authorization header to the transport. OAuth uses the MCP SDK's auth() flow with PKCE, dynamic client registration, and an in-memory provider on the dev server.
  • The OAuth popup callback uses postMessage with a BroadcastChannel fallback for providers that set Cross-Origin-Opener-Policy headers.
  • Includes optional client ID/secret and scopes inputs for servers that require pre-registered credentials or specific scopes.
  • Auth UI is hidden in demo mode, bearer token input is password-masked, and all auth endpoints are gated behind method checks.

Test plan

  • Verify bearer token auth connects to a token-protected MCP server
  • Verify OAuth flow completes against a real OAuth-protected MCP server
  • Verify popup blocked detection shows a clear error message
  • Verify auth section is hidden in demo mode
  • Verify switching auth type to "None" reconnects without credentials
  • Unit tests pass: pnpm --filter sunpeak test -- --run

@abewheel
Add MCP server authentication to inspector (Bearer + OAuth)
5681556 
Support connecting to authenticated MCP servers from the inspector sidebar.
Bearer token auth adds an Authorization header to the transport. OAuth uses
the MCP SDK's auth flow with PKCE, dynamic client registration, and an
in-memory provider. The popup callback uses postMessage with a
BroadcastChannel fallback for COOP-protected OAuth providers. Includes
optional client_id/client_secret and scopes inputs. Auth UI is hidden in
demo mode. Bearer token input is password-masked.
@abewheel abewheel merged commit 88d02db into main Mar 25, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@abewheel