inspector icon indicating copy to clipboard operation
inspector copied to clipboard
verified publisher icon modelcontextprotocol

WWW-Authenticate headers should be passed through

Open localden opened this issue 9 months ago • 2 comments

Without this, you don't have the means to respond to specific HTTP 401 errors. Right now, on any token validation error that the server responds with 401 Unauthorized the client will just act as if it needs to re-authenticate with no context as to why.

localden avatar Mar 07 '25 04:03 localden

@localden you're right, but can you provide an example with steps to repro? I'm not sure if this is a failing of the Inspector or the SDK.

cliffhall avatar Mar 31 '25 19:03 cliffhall

Without this, you don't have the means to respond to specific HTTP 401 errors. Right now, on any token validation error that the server responds with 401 Unauthorized the client will just act as if it needs to re-authenticate with no context as to why.

Are you saying that WWW-Authenticate response headers are not making it to the client from the MCP Inspector's backing server?

cliffhall avatar May 13 '25 16:05 cliffhall

Closing as not planned and labeling with v2 in case we want to review for next version.

olaservo avatar Nov 11 '25 03:11 olaservo