phoenix-oss/llama-stack-mirror
0
0
Fork 1
mirror of https://github.com/meta-llama/llama-stack.git synced 2025-12-03 18:00:36 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: MCP authorization parameter implementation (#4052)

Browse source 
# What does this PR do?
Adding a user-facing `authorization ` parameter to MCP tool definitions
that allows users to explicitly configure credentials per MCP server,
addressing GitHub Issue #4034 in a secure manner.


## Test Plan
tests/integration/responses/test_mcp_authentication.py

---------

Co-authored-by: Omar Abdelwahab <omara@fb.com>
Co-authored-by: Ashwin Bharambe <ashwin.bharambe@gmail.com>
This commit is contained in:
Omar Abdelwahab 2025-11-14 08:54:42 -08:00 committed by GitHub
parent dc49ad3f89
commit eb545034ab
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
34 changed files with 5205 additions and 62 deletions
Download patch file Download diff file Expand all files Collapse all files

105
tests/integration/responses/test_mcp_authentication.py Normal file
View file

@ -0,0 +1,105 @@
# Copyright (c) Meta Platforms, Inc. and affiliates.
# All rights reserved.
#
# This source code is licensed under the terms described in the LICENSE file in
# the root directory of this source tree.
import pytest
from tests.common.mcp import make_mcp_server
from .helpers import setup_mcp_tools
# MCP authentication tests with recordings
# Tests for bearer token authorization support in MCP tool configurations
def test_mcp_authorization_bearer(responses_client, text_model_id):
"""Test that bearer authorization is correctly applied to MCP requests."""
test_token = "test-bearer-token-789"
with make_mcp_server(required_auth_token=test_token) as mcp_server_info:
tools = setup_mcp_tools(
[
{
"type": "mcp",
"server_label": "auth-mcp",
"server_url": "<FILLED_BY_TEST_RUNNER>",
"authorization": test_token, # Just the token, not "Bearer <token>"
}
],
mcp_server_info,
)
# Create response - authorization should be applied
response = responses_client.responses.create(
model=text_model_id,
input="What is the boiling point of myawesomeliquid?",
tools=tools,
stream=False,
)
# Verify list_tools succeeded (requires auth)
assert len(response.output) >= 3
assert response.output[0].type == "mcp_list_tools"
assert len(response.output[0].tools) == 2
# Verify tool invocation succeeded (requires auth)
assert response.output[1].type == "mcp_call"
assert response.output[1].error is None
def test_mcp_authorization_error_when_header_provided(responses_client, text_model_id):
"""Test that providing Authorization in headers raises a security error."""
test_token = "test-token-123"
with make_mcp_server(required_auth_token=test_token) as mcp_server_info:
tools = setup_mcp_tools(
[
{
"type": "mcp",
"server_label": "header-auth-mcp",
"server_url": "<FILLED_BY_TEST_RUNNER>",
"headers": {"Authorization": f"Bearer {test_token}"}, # Security risk - should be rejected
}
],
mcp_server_info,
)
# Create response - should raise BadRequestError for security reasons
with pytest.raises((ValueError, Exception), match="Authorization header cannot be passed via 'headers'"):
responses_client.responses.create(
model=text_model_id,
input="What is the boiling point of myawesomeliquid?",
tools=tools,
stream=False,
)
def test_mcp_authorization_backward_compatibility(responses_client, text_model_id):
"""Test that MCP tools work without authorization (backward compatibility)."""
# No authorization required
with make_mcp_server(required_auth_token=None) as mcp_server_info:
tools = setup_mcp_tools(
[
{
"type": "mcp",
"server_label": "noauth-mcp",
"server_url": "<FILLED_BY_TEST_RUNNER>",
}
],
mcp_server_info,
)
# Create response without authorization
response = responses_client.responses.create(
model=text_model_id,
input="What is the boiling point of myawesomeliquid?",
tools=tools,
stream=False,
)
# Verify operations succeeded without auth
assert len(response.output) >= 3
assert response.output[0].type == "mcp_list_tools"
assert response.output[1].type == "mcp_call"
assert response.output[1].error is None