Skip to content

feat: per-user mcp auth #354

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
theuargb wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: per-user mcp auth #354

theuargb wants to merge 1 commit into from

Conversation

@theuargb
Copy link
Contributor

@theuargb theuargb commented Dec 22, 2025
edited
Loading

Implements #353

Per-User Authentication for MCP (Model Context Protocol) servers, allowing individual users to provide their own credentials (via OAuth) for shared or private MCP servers.

Core Functionality

  • Per-User Auth Toggle: Added a per_user_auth flag to MCP servers. When enabled, the system manages separate client instances and OAuth sessions for each user.
  • User-Specific OAuth: Updated the OAuth flow to associate sessions and tokens with specific user_ids in the database.
  • Tool Info Caching: Added a tool_info column to the MCP server table to cache available tools, improving performance and allowing the UI to show tools even when a server is disconnected.

Backend & Logic

  • MCPClientsManager: Now generates unique client IDs (e.g., serverId:userId) for servers requiring per-user auth. It filters tools and statuses based on the current user's session.
  • MCPClient: Enhanced to handle "Authorization Required" states. If a tool call fails due to missing auth, it returns a specific error that triggers an authorization prompt in the UI.
  • Database Migrations: Added migration 0015_abnormal_titania.sql to update the mcp_server and mcp_oauth_session tables with the necessary columns and indexes.

UI & User Experience

  • Authorization Prompts:
    • Added a "Per-User Authentication" toggle in the MCP Editor.
    • The Chat Mention Input and Tool Selector now display a warning icon ($\triangle$) for tools requiring authorization.
    • If a tool call requires auth, an interactive Authorization Required alert appears in the chat, allowing users to initiate the OAuth flow directly.
  • Status Visibility: The MCP management card now explicitly shows if a user is authorized for a specific server.

Repository & API

  • mcpRepository: Updated to handle the new perUserAuth and toolInfo fields.
  • api/mcp/list: Now returns isAuthorized status for each server relative to the requesting user.

@vercel
Copy link

vercel bot commented Dec 22, 2025

@theuargb is attempting to deploy a commit to the cgoinglove's projects Team on Vercel.

A member of the Team first needs to authorize it.

@theuargb theuargb marked this pull request as draft December 22, 2025 19:38
@theuargb theuargb force-pushed the feature-multiuser-mcp-auth branch from 30f3a87 to 53f2782 Compare December 23, 2025 07:30
@theuargb theuargb marked this pull request as ready for review December 23, 2025 07:34
@theuargb theuargb force-pushed the feature-multiuser-mcp-auth branch from 53f2782 to 4d9d4ba Compare December 23, 2025 08:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@theuargb