Add MCP authorization parameter support with test recordings

- Add 'authorization' parameter to OpenAI response tool configuration - Add security check to prevent Authorization in headers - Add tests for bearer token authorization with recordings - Maintain backward compatibility for tools without authorization
2025-12-03 18:00:36 +00:00 · 2025-11-13 21:24:20 -08:00 · 2025-11-13 21:24:20 -08:00 · 0b575f7635
commit 0b575f7635
parent 3d02349783
9 changed files with 4754 additions and 40 deletions
--- a/tests/integration/responses/test_mcp_authentication.py
+++ b/tests/integration/responses/test_mcp_authentication.py
@ -12,15 +12,8 @@ from tests.common.mcp import make_mcp_server

 from .helpers import setup_mcp_tools

-# Skip these tests in replay mode until recordings are generated
-# The authorization parameter creates different request hashes than existing MCP tests
-# Recordings generation requires properly configured test environment with OpenAI API access
-pytestmark = pytest.mark.skipif(
-    os.environ.get("LLAMA_STACK_TEST_INFERENCE_MODE") == "replay",
-    reason="No recordings yet for MCP authorization tests. These tests use the authorization parameter "
-    "which creates different OpenAI request hashes than existing MCP tool tests. "
-    "Recordings need to be generated in CI with proper environment configuration.",
-)
+# MCP authentication tests with recordings
+# Tests for bearer token authorization support in MCP tool configurations


 def test_mcp_authorization_bearer(responses_client, text_model_id):
@ -57,37 +50,6 @@ def test_mcp_authorization_bearer(responses_client, text_model_id):
        assert response.output[1].error is None


-def test_mcp_authorization_different_token(responses_client, text_model_id):
-    """Test authorization with a different bearer token."""
-    test_token = "different-token-456"
-    with make_mcp_server(required_auth_token=test_token) as mcp_server_info:
-        tools = setup_mcp_tools(
-            [
-                {
-                    "type": "mcp",
-                    "server_label": "auth2-mcp",
-                    "server_url": "<FILLED_BY_TEST_RUNNER>",
-                    "authorization": test_token,
-                }
-            ],
-            mcp_server_info,
-        )
-
-        # Create response - authorization should be applied
-        response = responses_client.responses.create(
-            model=text_model_id,
-            input="What is the boiling point of myawesomeliquid?",
-            tools=tools,
-            stream=False,
-        )
-
-        # Verify operations succeeded
-        assert len(response.output) >= 3
-        assert response.output[0].type == "mcp_list_tools"
-        assert response.output[1].type == "mcp_call"
-        assert response.output[1].error is None
-
-
 def test_mcp_authorization_error_when_header_provided(responses_client, text_model_id):
    """Test that providing Authorization in headers raises a security error."""
    test_token = "test-token-123"