Authentication
Adeel Ijaz edited this page Mar 26, 2026
The server uses Bearer token authentication. When enabled, every request must include a matching Authorization header — unauthenticated requests receive a 401 Unauthorized response.
Set MCP_AUTH_TOKEN in docker-compose.yml to any string:

```yaml
MCP_AUTH_TOKEN: "your-secret-token"
```

Restart the container:

```bash
docker compose up -d
```

Leave MCP_AUTH_TOKEN empty to disable auth entirely.
```mermaid
flowchart TD
    A([Incoming Request]) --> B{Auth enabled?}
    B -- No --> D([Forward to MCP Server])
    B -- Yes --> C{Valid Bearer token?}
    C -- Yes --> D
    C -- No --> E([401 Unauthorized])
```
Auth is checked at the HTTP layer before the request reaches the MCP server. Non-HTTP scopes such as lifespan events are passed through without checks.
```bash
# Should return 401
curl -s http://YOUR_SERVER_IP:8000/sse

# Should return 401
curl -s http://YOUR_SERVER_IP:8000/sse \
  -H "Authorization: Bearer wrongtoken"

# Should stream SSE (hangs — that's correct)
curl -N http://YOUR_SERVER_IP:8000/sse \
  -H "Authorization: Bearer your-secret-token"
```

A successful connection streams:

```
event: endpoint
data: /messages/?session_id=...
```
Both VS Code and Claude Desktop support custom headers in their MCP config:

```json
"headers": {
  "Authorization": "Bearer your-secret-token"
}
```

See Clients for full config examples.