
MCP inspector abruptly stopping authentication flow after PRM discovery

Open pavinduLakshan opened this issue 5 months ago • 1 comments

Describe the bug A clear and concise description of what the bug is.

I'm trying to connect a secured MCP server with the MCP inspector. This is my mcp server source code: https://gist.github.com/pavinduLakshan/ea20559400a485ca406894be2f7fad6d

However, when I try to connect to this MCP server from the inspector V0.16.2, I'm getting the following error in the inspector UI:

Connection Error - Check if your MCP server is running and proxy token is correct

In browser devtools, I can see a PRM request failing as a CORS error, but the subsequent request with the same config succeeds, yet the inspector doesn't seem to proceed with the auth flow.


To Reproduce Steps to reproduce the behavior:

  1. Use the mcp server in https://gist.github.com/pavinduLakshan/ea20559400a485ca406894be2f7fad6d.
  2. Spin a venv and start the MCP server.
  3. Try to connect to it from the inspector.

Expected behavior A clear and concise description of what you expected to happen.

Auth flow should continue after PRM discovery.

Logs If applicable, add logs to help explain your problem.

N/A

Additional context Add any other context about the problem here.

N/A

pavinduLakshan avatar Jul 30 '25 09:07 pavinduLakshan

A long shot, since my own little experiment is Rust-based. Still, I experienced the very same symptoms using rmpc.

The solution that worked for me was adding

.allow_headers(vec![
  CONTENT_TYPE,
  HeaderName::from_static("mcp-protocol-version")
])

to the CORS policy of the server (axum in my case). Basically, having the MCP server return something like

❯ curl -v -X OPTIONS -k http://127.0.0.1:8222/mcp
*   Trying 127.0.0.1:8222...
* Established connection to 127.0.0.1 (127.0.0.1 port 8222) from 127.0.0.1 port 48476 
* using HTTP/1.x
> OPTIONS /mcp HTTP/1.1
> Host: 127.0.0.1:8222
> User-Agent: curl/8.17.0
> Accept: */*
> 
* Request completely sent off
< HTTP/1.1 200 OK
< vary: origin, access-control-request-method, access-control-request-headers
< access-control-allow-methods: GET,POST,OPTIONS
< access-control-allow-headers: content-type,mcp-protocol-version
< access-control-allow-origin: *
< content-length: 0
< date: Wed, 26 Nov 2025 22:34:11 GMT

You can obviously go more permissive and give it a *.

Also, make sure you selected "Connection Type: Via proxy" in the MCP Inspector UI.

gr211 avatar Nov 26 '25 22:11 gr211
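
An added example, not part of the thread and not code from the Inspector or either server: a JavaScript check that evaluates an OPTIONS response the way a browser does for a non-credentialed request, going one step past the comment above to cover the `*` case. The origin, the assumption that the authenticated request carries an `Authorization` header, and the sample header sets are constructed; `FIXED` copies its values from the curl output above.

```javascript
// Added example: evaluates a CORS preflight response the way a browser does
// for a non-credentialed request (no cookies). Not code from the issue thread.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);

function parseList(value) {
  return (value || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
}

// responseHeaders: headers of the OPTIONS response.
// request: { origin, method, headers } where headers are the names needing
// approval (Content-Type counts because MCP bodies are application/json).
// Returns the reasons the browser would block the request; [] means it passes.
function checkPreflight(responseHeaders, request) {
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;
  const problems = [];

  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin !== "*" && allowOrigin !== request.origin) {
    problems.push("origin not allowed");
  }

  const methods = parseList(h["access-control-allow-methods"]);
  const method = request.method.toUpperCase();
  if (!SAFE_METHODS.has(method) && !methods.includes(method.toLowerCase()) && !methods.includes("*")) {
    problems.push(`method not allowed: ${method}`);
  }

  const allowed = parseList(h["access-control-allow-headers"]);
  for (const name of request.headers.map((n) => n.toLowerCase())) {
    if (allowed.includes(name)) continue;
    // "*" is a wildcard for every header except Authorization,
    // which must always be listed by name.
    if (allowed.includes("*") && name !== "authorization") continue;
    problems.push(`header not allowed: ${name}`);
  }
  return problems;
}

// Constructed inputs. FIXED mirrors the curl output in the comment above.
const ORIGIN = "http://localhost:6274"; // assumed Inspector origin
const BASE = { "Access-Control-Allow-Origin": "*", "Access-Control-Allow-Methods": "GET,POST,OPTIONS" };
const FIXED = { ...BASE, "Access-Control-Allow-Headers": "content-type,mcp-protocol-version" };
const WILDCARD = { ...BASE, "Access-Control-Allow-Headers": "*" };
const mcpPost = { origin: ORIGIN, method: "POST", headers: ["Content-Type", "MCP-Protocol-Version"] };
const authedPost = { ...mcpPost, headers: [...mcpPost.headers, "Authorization"] };

console.log(checkPreflight(BASE, mcpPost), checkPreflight(FIXED, mcpPost));
console.log(checkPreflight(FIXED, authedPost), checkPreflight(WILDCARD, authedPost));
```

With the constructed inputs, the policy from the curl output passes the unauthenticated MCP request, while a request that also carries `Authorization` is still reported as blocked under both the explicit list and `*`.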