kyegomez/swarms

[Improvement][Ensure MCP Configuration compatibility]

Open

#1,042 opened on Aug 25, 2025

View on GitHub
 (2 comments) (0 reactions) (1 assignee)Python (948 forks)github user discovery
FEATenhancementgood first issue

Repository metrics

Stars
 (6,809 stars)
PR merge metrics
 (PR metrics pending)

Description

  • Now, the MCP functions only take in the URL and some other parameters.
  • We need to ensure they support the ability to change the header, transport, and other parameters in the swarms.schema.mcp_schemas.py file
  • Ensure compatibility in the agent.py file and also in the swarms.tools.mcp_client_call

Enhanced Authentication Handling Requirements

MCP Authentication Standards

The Model Context Protocol supports robust authentication mechanisms that should be integrated:

  • OAuth 2.1 & OpenID Connect: Industry-standard authentication protocols
  • Bearer Token Authentication: For API key and JWT-based auth
  • Custom Headers: Support for proprietary authentication schemes
  • Resource-based Authorization: Scope-based access control

Recommended Auth Implementation

Based on MCP Auth documentation and MCP Python SDK, the enhanced MCPConnection should support:

  1. OAuth Configuration: Authorization server endpoints, client credentials, and scopes
  2. Token Management: Automatic refresh, secure storage, and validation
  3. Metadata Discovery: Automatic discovery of protected resources and capabilities
  4. Security Headers: Support for custom authentication headers and CORS

Updated Schema with Enhanced Auth

from typing import Any, Dict, List, Optional

from pydantic import BaseModel, Field


class MCPAuthConfig(BaseModel):
    """Enhanced authentication configuration for MCP connections."""
    auth_type: Optional[str] = Field(
        default="bearer",
        description="Authentication type: bearer, oauth2, api_key, or custom"
    )
    oauth_config: Optional[Dict[str, Any]] = Field(
        default=None,
        description="OAuth 2.1 configuration with authorization_endpoint, token_endpoint, client_id, scopes"
    )
    protected_resources: Optional[List[str]] = Field(
        default=None,
        description="List of protected resource identifiers"
    )
    scopes_required: Optional[List[str]] = Field(
        default=None,
        description="Required OAuth scopes for accessing resources"
    )
    token_validation: Optional[Dict[str, Any]] = Field(
        default=None,
        description="Token validation configuration including audience, issuer"
    )


class MCPConnection(BaseModel):
    type: Optional[str] = Field(
        default="mcp",
        description="The type of connection, defaults to 'mcp'",
    )
    url: Optional[str] = Field(
        default="http://localhost:8000/mcp",
        description="The URL endpoint for the MCP server",
    )
    tool_configurations: Optional[Dict[Any, Any]] = Field(
        default=None,
        description="Dictionary containing configuration settings for MCP tools",
    )
    authorization_token: Optional[str] = Field(
        default=None,
        description="Authentication token for accessing the MCP server",
    )
    auth_config: Optional[MCPAuthConfig] = Field(
        default=None,
        description="Enhanced authentication configuration"
    )
    transport: Optional[str] = Field(
        default="streamable_http",
        description="The transport protocol to use for the MCP server",
    )
    headers: Optional[Dict[str, str]] = Field(
        default=None, description="Headers to send to the MCP server"
    )
    timeout: Optional[int] = Field(
        default=10, description="Timeout for the MCP server"
    )
    security_settings: Optional[Dict[str, Any]] = Field(
        default=None,
        description="Additional security configurations for TLS, CORS, etc."
    )

    class Config:
        arbitrary_types_allowed = True
        extra = "allow"


class MultipleMCPConnections(BaseModel):
    connections: List[MCPConnection] = Field(
        description="List of MCP connections"
    )
    global_auth_settings: Optional[Dict[str, Any]] = Field(
        default=None,
        description="Global authentication settings applied to all connections"
    )

    class Config:
        arbitrary_types_allowed = True

Implementation References

  • MCP Auth Python SDK: mcp-auth/python - Official plug-and-play authentication
  • MCP Authentication Spec: MCP Auth Docs - Comprehensive auth patterns and best practices
  • FastAPI MCP Integration: Medium Tutorial - Practical implementation examples

Security Best Practices

  1. Token Security: Never log or expose authentication tokens in plain text
  2. Scope Validation: Implement proper scope checking for resource access
  3. TLS Requirements: Enforce HTTPS for all authentication exchanges
  4. Token Refresh: Implement automatic token refresh mechanisms
  5. Error Handling: Provide secure error messages that don't leak auth details

Contributor guide