kyegomez/swarms
View on GitHub[Improvement][Ensure MCP Configuration compatibility]
Open
#1,042 opened on Aug 25, 2025
FEATenhancementgood first issue
Repository metrics
- Stars
- (6,809 stars)
- PR merge metrics
- (PR metrics pending)
Description
- Now, the MCP functions only take in the URL and some other parameters.
- We need to ensure they support the ability to change the header, transport, and other parameters in the swarms.schema.mcp_schemas.py file
- Ensure compatibility in the agent.py file and also in the
swarms.tools.mcp_client_call
Enhanced Authentication Handling Requirements
MCP Authentication Standards
The Model Context Protocol supports robust authentication mechanisms that should be integrated:
- OAuth 2.1 & OpenID Connect: Industry-standard authentication protocols
- Bearer Token Authentication: For API key and JWT-based auth
- Custom Headers: Support for proprietary authentication schemes
- Resource-based Authorization: Scope-based access control
Recommended Auth Implementation
Based on MCP Auth documentation and MCP Python SDK, the enhanced MCPConnection should support:
- OAuth Configuration: Authorization server endpoints, client credentials, and scopes
- Token Management: Automatic refresh, secure storage, and validation
- Metadata Discovery: Automatic discovery of protected resources and capabilities
- Security Headers: Support for custom authentication headers and CORS
Updated Schema with Enhanced Auth
from typing import Any, Dict, List, Optional
from pydantic import BaseModel, Field
class MCPAuthConfig(BaseModel):
"""Enhanced authentication configuration for MCP connections."""
auth_type: Optional[str] = Field(
default="bearer",
description="Authentication type: bearer, oauth2, api_key, or custom"
)
oauth_config: Optional[Dict[str, Any]] = Field(
default=None,
description="OAuth 2.1 configuration with authorization_endpoint, token_endpoint, client_id, scopes"
)
protected_resources: Optional[List[str]] = Field(
default=None,
description="List of protected resource identifiers"
)
scopes_required: Optional[List[str]] = Field(
default=None,
description="Required OAuth scopes for accessing resources"
)
token_validation: Optional[Dict[str, Any]] = Field(
default=None,
description="Token validation configuration including audience, issuer"
)
class MCPConnection(BaseModel):
type: Optional[str] = Field(
default="mcp",
description="The type of connection, defaults to 'mcp'",
)
url: Optional[str] = Field(
default="http://localhost:8000/mcp",
description="The URL endpoint for the MCP server",
)
tool_configurations: Optional[Dict[Any, Any]] = Field(
default=None,
description="Dictionary containing configuration settings for MCP tools",
)
authorization_token: Optional[str] = Field(
default=None,
description="Authentication token for accessing the MCP server",
)
auth_config: Optional[MCPAuthConfig] = Field(
default=None,
description="Enhanced authentication configuration"
)
transport: Optional[str] = Field(
default="streamable_http",
description="The transport protocol to use for the MCP server",
)
headers: Optional[Dict[str, str]] = Field(
default=None, description="Headers to send to the MCP server"
)
timeout: Optional[int] = Field(
default=10, description="Timeout for the MCP server"
)
security_settings: Optional[Dict[str, Any]] = Field(
default=None,
description="Additional security configurations for TLS, CORS, etc."
)
class Config:
arbitrary_types_allowed = True
extra = "allow"
class MultipleMCPConnections(BaseModel):
connections: List[MCPConnection] = Field(
description="List of MCP connections"
)
global_auth_settings: Optional[Dict[str, Any]] = Field(
default=None,
description="Global authentication settings applied to all connections"
)
class Config:
arbitrary_types_allowed = True
Implementation References
- MCP Auth Python SDK: mcp-auth/python - Official plug-and-play authentication
- MCP Authentication Spec: MCP Auth Docs - Comprehensive auth patterns and best practices
- FastAPI MCP Integration: Medium Tutorial - Practical implementation examples
Security Best Practices
- Token Security: Never log or expose authentication tokens in plain text
- Scope Validation: Implement proper scope checking for resource access
- TLS Requirements: Enforce HTTPS for all authentication exchanges
- Token Refresh: Implement automatic token refresh mechanisms
- Error Handling: Provide secure error messages that don't leak auth details