Skip to content

Fix session token handling and require auth for blog post creation#200

Merged
asim merged 2 commits intomainfrom
claude/mu-killer-feature-yxRo5
Mar 4, 2026
Merged

Fix session token handling and require auth for blog post creation#200
asim merged 2 commits intomainfrom
claude/mu-killer-feature-yxRo5

Conversation

@asim
Copy link
Member

@asim asim commented Mar 4, 2026

No description provided.

claude added 2 commits March 4, 2026 19:27
@claude
Fix MCP auth: accept session tokens in Authorization header
8c77b7d 
The login/signup MCP tools return session tokens, but GetSession only
checked the Authorization header for PAT tokens. Now it also tries
parsing the header value as a session token, so MCP clients that pass
the token via Authorization header are properly authenticated.

This fixes blog posts (and other actions) showing as "Anonymous" when
created through MCP after login/signup.

https://claude.ai/code/session_01QJaTh5F1pfgRaGzsQSZDcQ
@claude
Require auth for blog post creation, reject anonymous posts
1a3462e 
Blog post creation silently fell back to "Anonymous" when auth failed.
Now it returns 401 Unauthorized instead. Combined with the session token
fix in GetSession, MCP clients are properly authenticated.

https://claude.ai/code/session_01QJaTh5F1pfgRaGzsQSZDcQ
@asim asim merged commit 1d8d9d0 into main Mar 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@asim @claude