Add support for custom headers and migrate from legacy auth #751
Conversation
|
Also related to #549 |
these are the design screenshots |
|
I think it would makes sense to also add those configuration field to the |
- Introduced CustomHeaders component for managing custom headers. - Updated Sidebar to include CustomHeaders component. - Enhanced useConnection hook to handle custom headers and legacy auth migration. - Added tests for custom headers functionality. - Updated package.json and package-lock.json for new dependencies.
There was a problem hiding this comment.
Hi, thank you for this PR! I just had a minor comment so far. I wanted to test this locally but don't have a server ready at the moment that requires custom auth headers, so just wanted to leave a note that I'm not ignoring this one while I set up something to test with locally (unless you have a specific server you have been testing this with?)
…age for header management
I’ve set up an MCP server at my company, but it’s not deployed to prod and is only accessible on our internal network, so I can’t share the URL for testing. |
|
Hi @olaservo Thank you for your support on this! A simple way to test this would be to host an MCP server on Google Cloud Run and make it private because Cloud Run expects a user's google identity token to be sent as the |
here's an example: https://cloud.google.com/blog/topics/developers-practitioners/build-and-deploy-a-remote-mcp-server-to-google-cloud-run-in-under-10-minutes |
That would be best left for a separate PR. This one is big enough already. |
client/eslint.config.js
Outdated
| @@ -23,6 +23,10 @@ export default tseslint.config( | |||
| "warn", | |||
| { allowConstantExport: true }, | |||
| ], | |||
| "@typescript-eslint/no-unused-vars": [ | |||
|
@cliffhall Thanks for the suggestion I agree — having Authorization: Bearer as the default makes sense since it’s the most common case, while still giving users the flexibility to customize or add extra headers as needed. I’ll review the requested changes and ensure everything is addressed. I plan to push an update with this change within the next 2–3 days. |
|
Good morning, I forked and will implement this because or business rule, but, I came here to tag this PR as important, more than others, cause, this is basic for the internet and mcp transport for list with security and personalizations. Thanks all for this! |
- Provide "Authorization: Bearer " as default starting header - Remove legacy auth props from components - Centralize migration logic and fix localStorage cleanup - Update tests for new auth architecture
|
@cliffhall I’ve pushed the update
Please let me know if you spot anything I may have missed |
|
@olaservo You don't necessarily need the server to expect the headers, as long as you can see that they are verifiably sent and received by the server. I did that in my review and everything looks good. Just temporarily added a |
This PR solves this issue:
#756 #750 #549 #249
Motivation and Context
This change addresses the need for flexible authentication and header management in the Inspector UI. Previously, the application only supported a single bearer token with a custom header name. This enhancement allows users to configure multiple custom headers with key-value pairs, providing better support for various authentication schemes and API requirements. The implementation also maintains backward compatibility by automatically migrating existing legacy auth configurations to the new custom headers system.
How Has This Been Tested?
useConnection.test.tsxBreaking Changes
No breaking changes. The implementation maintains full backward compatibility with existing bearer token and header name configurations. Legacy auth settings are automatically migrated to the new custom headers format when the application loads.
Types of changes
Checklist
Additional context
The implementation includes:
CustomHeaderscomponent with both form-based and JSON editor modescustomHeaders.tsuseConnectionhook to process multiple headersx-custom-auth-headersThe feature supports both streamable HTTP and SSE transports, allowing users to configure authentication headers for various API endpoints and authentication schemes beyond simple bearer tokens.
Fixes #756
Fixes #750
Fixes #549
Fixes #249