From 1d74e6ce6dd43b41eb20dfa7a15c8bc326731dba Mon Sep 17 00:00:00 2001
From: German Viscuso <germanviscuso@gmail.com>
Date: Tue, 24 Feb 2026 01:25:36 +0100
Subject: [PATCH] fix: in oci_database_mcp_server handle API key auth when
 security_token_file is absent

The original code unconditionally accessed config['security_token_file'],
causing a KeyError for users authenticating with API keys. Added a check
so token-based auth is only used when the key is present in the config.
---
 .../oracle/oci_database_mcp_server/server.py  | 28 +++++++++++--------
 1 file changed, 17 insertions(+), 11 deletions(-)

diff --git a/src/oci-database-mcp-server/oracle/oci_database_mcp_server/server.py b/src/oci-database-mcp-server/oracle/oci_database_mcp_server/server.py
index c7b747e0..3bd9e72f 100644
--- a/src/oci-database-mcp-server/oracle/oci_database_mcp_server/server.py
+++ b/src/oci-database-mcp-server/oracle/oci_database_mcp_server/server.py
@@ -290,17 +290,23 @@ def get_database_client(region: str = None):
     )
     user_agent_name = __project__.split("oracle.", 1)[1].split("-server", 1)[0]
     config["additional_user_agent"] = f"{user_agent_name}/{__version__}"
-    private_key = oci.signer.load_private_key_from_file(config["key_file"])
-    token_file = config["security_token_file"]
-    with open(token_file, "r") as f:
-        token = f.read()
-    signer = oci.auth.signers.SecurityTokenSigner(token, private_key)
-    if region is None:
-        return oci.database.DatabaseClient(config, signer=signer)
-    regional_config = config.copy()
-    regional_config["region"] = region
-    return oci.database.DatabaseClient(regional_config, signer=signer)
-
+    if "security_token_file" in config:
+        private_key = oci.signer.load_private_key_from_file(config["key_file"])
+        token_file = config["security_token_file"]
+        with open(token_file, "r") as f:
+            token = f.read()
+        signer = oci.auth.signers.SecurityTokenSigner(token, private_key)
+        if region is None:
+            return oci.database.DatabaseClient(config, signer=signer)
+        regional_config = config.copy()
+        regional_config["region"] = region
+        return oci.database.DatabaseClient(regional_config, signer=signer)
+    else:
+        if region is None:
+            return oci.database.DatabaseClient(config)
+        regional_config = config.copy()
+        regional_config["region"] = region
+        return oci.database.DatabaseClient(regional_config)
 
 def call_create_pdb(client, details, opc_retry_token=None, opc_request_id=None):
     kwargs = {"create_pluggable_database_details": details.__dict__}