feat: requires OAuth-only auth mode for MCP agents

2026-04-29 15:08:18 +03:00
parent ad0b15cc6e
commit d20b4f396b
6 changed files with 31 additions and 17 deletions
--- a/app/config.py
+++ b/app/config.py
@@ -20,7 +20,7 @@ class Settings(BaseSettings):
    admin_password: str = "admin"
    session_secret: str = Field(default="dev-session-secret", min_length=8)
    mcp_token: str = "dev-mcp-token"
-    mcp_auth_mode: Literal["token", "oauth", "oauth_or_token"] = "token"
+    mcp_auth_mode: Literal["token", "oauth"] = "oauth"
    mcp_resource_url: str = "http://localhost:8001/mcp"
    mcp_oauth_issuer: str = ""
    mcp_oauth_audience: str = ""
--- a/app/security.py
+++ b/app/security.py
@@ -79,11 +79,11 @@ def mcp_protected_resource_metadata(settings: Settings) -> dict:


 def _mcp_static_token_allowed(settings: Settings) -> bool:
-    return settings.mcp_auth_mode in {"token", "oauth_or_token"}
+    return settings.mcp_auth_mode == "token"


 def _mcp_oauth_allowed(settings: Settings) -> bool:
-    return settings.mcp_auth_mode in {"oauth", "oauth_or_token"}
+    return settings.mcp_auth_mode == "oauth"


 def _validate_mcp_oauth_token(token: str, settings: Settings) -> None: