Support bearer token

2025-03-10 17:29:06 +02:00
parent 0870a81990
commit dbd616905c
4 changed files with 63 additions and 12 deletions
--- a/README.md
+++ b/README.md
@@ -38,6 +38,10 @@ CLIENT_PORT=8080 SERVER_PORT=9000 npx @modelcontextprotocol/inspector node build

 For more details on ways to use the inspector, see the [Inspector section of the MCP docs site](https://modelcontextprotocol.io/docs/tools/inspector). For help with debugging, see the [Debugging guide](https://modelcontextprotocol.io/docs/tools/debugging).

+### Authentication
+
+The inspector supports bearer token authentication for SSE connections. Enter your token in the UI when connecting to an MCP server, and it will be sent in the Authorization header.
+
 ### From this repository

 If you're working on the inspector itself:
--- a/client/src/App.tsx
+++ b/client/src/App.tsx
@@ -97,6 +97,9 @@ const App = () => {
  >([]);
  const [roots, setRoots] = useState<Root[]>([]);
  const [env, setEnv] = useState<Record<string, string>>({});
+  const [bearerToken, setBearerToken] = useState<string>(() => {
+    return localStorage.getItem("lastBearerToken") || "";
+  });

  const [pendingSampleRequests, setPendingSampleRequests] = useState<
    Array<
@@ -160,6 +163,7 @@ const App = () => {
    args,
    sseUrl,
    env,
+    bearerToken,
    proxyServerUrl: PROXY_SERVER_URL,
    onNotification: (notification) => {
      setNotifications((prev) => [...prev, notification as ServerNotification]);
@@ -195,6 +199,10 @@ const App = () => {
    localStorage.setItem("lastTransportType", transportType);
  }, [transportType]);

+  useEffect(() => {
+    localStorage.setItem("lastBearerToken", bearerToken);
+  }, [bearerToken]);
+
  // Auto-connect if serverUrl is provided in URL params (e.g. after OAuth callback)
  useEffect(() => {
    const serverUrl = params.get("serverUrl");
@@ -382,6 +390,8 @@ const App = () => {
        setSseUrl={setSseUrl}
        env={env}
        setEnv={setEnv}
+        bearerToken={bearerToken}
+        setBearerToken={setBearerToken}
        onConnect={connectMcpServer}
        stdErrNotifications={stdErrNotifications}
      />
--- a/client/src/components/Sidebar.tsx
+++ b/client/src/components/Sidebar.tsx
@@ -35,6 +35,8 @@ interface SidebarProps {
  setSseUrl: (url: string) => void;
  env: Record<string, string>;
  setEnv: (env: Record<string, string>) => void;
+  bearerToken: string;
+  setBearerToken: (token: string) => void;
  onConnect: () => void;
  stdErrNotifications: StdErrNotification[];
 }
@@ -51,11 +53,14 @@ const Sidebar = ({
  setSseUrl,
  env,
  setEnv,
+  bearerToken,
+  setBearerToken,
  onConnect,
  stdErrNotifications,
 }: SidebarProps) => {
  const [theme, setTheme] = useTheme();
  const [showEnvVars, setShowEnvVars] = useState(false);
+  const [showBearerToken, setShowBearerToken] = useState(false);
  const [shownEnvVars, setShownEnvVars] = useState<Set<string>>(new Set());

  return (
@@ -110,6 +115,7 @@ const Sidebar = ({
              </div>
            </>
          ) : (
+            <>
              <div className="space-y-2">
                <label className="text-sm font-medium">URL</label>
                <Input
@@ -119,6 +125,33 @@ const Sidebar = ({
                  className="font-mono"
                />
              </div>
+              <div className="space-y-2">
+                <Button
+                  variant="outline"
+                  onClick={() => setShowBearerToken(!showBearerToken)}
+                  className="flex items-center w-full"
+                >
+                  {showBearerToken ? (
+                    <ChevronDown className="w-4 h-4 mr-2" />
+                  ) : (
+                    <ChevronRight className="w-4 h-4 mr-2" />
+                  )}
+                  Authentication
+                </Button>
+                {showBearerToken && (
+                  <div className="space-y-2">
+                    <label className="text-sm font-medium">Bearer Token</label>
+                    <Input
+                      placeholder="Bearer Token"
+                      value={bearerToken}
+                      onChange={(e) => setBearerToken(e.target.value)}
+                      className="font-mono"
+                      type="password"
+                    />
+                  </div>
+                )}
+              </div>
+            </>
          )}
          {transportType === "stdio" && (
            <div className="space-y-2">
--- a/client/src/lib/hooks/useConnection.ts
+++ b/client/src/lib/hooks/useConnection.ts
@@ -37,6 +37,7 @@ interface UseConnectionOptions {
  sseUrl: string;
  env: Record<string, string>;
  proxyServerUrl: string;
+  bearerToken?: string;
  requestTimeout?: number;
  onNotification?: (notification: Notification) => void;
  onStdErrNotification?: (notification: Notification) => void;
@@ -57,6 +58,7 @@ export function useConnection({
  sseUrl,
  env,
  proxyServerUrl,
+  bearerToken,
  requestTimeout = DEFAULT_REQUEST_TIMEOUT_MSEC,
  onNotification,
  onStdErrNotification,
@@ -228,9 +230,11 @@ export function useConnection({
      // Inject auth manually instead of using SSEClientTransport, because we're
      // proxying through the inspector server first.
      const headers: HeadersInit = {};
-      const tokens = await authProvider.tokens();
-      if (tokens) {
-        headers["Authorization"] = `Bearer ${tokens.access_token}`;
+
+      // Use manually provided bearer token if available, otherwise use OAuth tokens
+      const token = bearerToken || (await authProvider.tokens())?.access_token;
+      if (token) {
+        headers["Authorization"] = `Bearer ${token}`;
      }

      const clientTransport = new SSEClientTransport(backendUrl, {