Security Token is forced (Identity MCP Server) #47
Description
The identity mcp seems to be the start so it can grab tenancy and compartment ocids. I am working in VSCode and set up the mcp server as follows
"oracle-oci-identity-mcp-server": {
"type": "stdio",
"command": "uvx",
"args": [
"oracle.oci-identity-mcp-server"
],
"env": {
"OCI_CONFIG_PROFILE": "DEFAULT",
"FASTMCP_LOG_LEVEL": "ERROR"
}
}
I have requested to get the list of compartments, and it wants to use the server correctly
Ran get_current_tenancy - oracle-oci-identity-mcp-server
However I get an error looking for a security token
Error calling tool 'get_current_tenancy': 'security_token_file'
Looking at the code for the identity server, it looks like it is requiring a security token
def get_identity_client():
config = oci.config.from_file(
profile_name=os.getenv("OCI_CONFIG_PROFILE", oci.config.DEFAULT_PROFILE)
)
user_agent_name = __project__.split("oracle.", 1)[1].split("-server", 1)[0]
config["additional_user_agent"] = f"{user_agent_name}/{__version__}"
private_key = oci.signer.load_private_key_from_file(config["key_file"])
token_file = config["security_token_file"]
with open(token_file, "r") as f:
token = f.read()
signer = oci.auth.signers.SecurityTokenSigner(token, private_key)
return oci.identity.IdentityClient(config, signer=signer)
My OCI config file is setup to use an API key. Can the mcp server use API or Security Token? I've been working on wrapping this in mcp-proxy to add SSE/HTTP to it and API key credentials will be essential. Unless #44 is added.