diff --git a/README.md b/README.md index 27da799..dea22ee 100644 --- a/README.md +++ b/README.md @@ -126,6 +126,7 @@ Launches a fully functional HTTP server with: - In-browser test client UI - Multi-connection support - Built with lightweight Hono framework +- Optional pass-through auth headers ### StreamableHTTP @@ -138,6 +139,7 @@ Implements the MCP StreamableHTTP transport which offers: - Compatibility with MCP StreamableHTTPClientTransport - In-browser test client UI - Built with lightweight Hono framework +- Optional pass-through auth headers ### Transport Comparison @@ -152,6 +154,7 @@ Implements the MCP StreamableHTTP transport which offers: | Load balancing | No | Limited | Yes | | Status codes | No | Limited | Full HTTP codes | | Headers | No | Limited | Full HTTP headers | +| Pass-through Auth | No | Optional | Optional | | Test client | No | Yes | Yes | --- @@ -169,6 +172,33 @@ Configure auth credentials in your environment: --- +## 🔐 Pass-through Headers for Authentication + +Use the CLI option `--passthrough-auth` to have the server pass-through client auth headers to the downstream API. The headers forwarded are for the auth schemes defined in the OpenAPI spec. Scheme types http (bearer or basic), apiKey (header, query param, or cookie), and openIdConnect bearer tokens are supported. + +The client should configure the auth credentials to be sent, for example: + +``` +"mcpServers": { + "my-api": { + "transport": "HTTP", + "url": "http://localhost:3000/sse", + "headers": { + "Authorization": "Bearer MY_TOKEN" + } + }, + "my-other-api": { + "transport": "Streamable-HTTP", + "url": "http://localhost:4000/mcp", + "headers": { + "X-API-Key": "MY_API_KEY" + } + }, +} +``` + +--- + ## 🔎 Filtering Endpoints with OpenAPI Extensions You can control which operations are exposed as MCP tools using a vendor extension flag `x-mcp`. This extension is supported at the root, path, and operation levels. By default, endpoints are included unless explicitly excluded.
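Review bot: In the two feature-list hunks (`@@ -126,6 +126,7` and `@@ -138,6 +139,7`), the added bullet `- Optional pass-through auth headers` does not name the switch that enables it. Suggest wording it as "Optional pass-through of client auth headers (`--passthrough-auth`)" and linking to the new "Pass-through Headers for Authentication" section, so a reader of either transport list can tell the feature is opt-in and where it is documented.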
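Review bot: In the transport comparison hunk (`@@ -152,6 +154,7`), the new row `| Pass-through Auth | No | Optional | Optional |` sits directly under `| Headers | No | Limited | Full HTTP headers |`, and nothing in the patch says whether the "Limited" header support of the middle transport restricts which auth headers can be passed through. Suggest either a short footnote on that cell or a sentence in the new section stating that all supported schemes work on both transports, if that is the case. The label casing also differs from the bullets ("Pass-through Auth" vs "pass-through auth headers"); pick one.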
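Review bot: In the new section added by the `@@ -169,6 +172,33` hunk, the text does not document precedence: the section just above it covers "Configure auth credentials in your environment", and the new text does not say which source is used when `--passthrough-auth` is on and environment credentials are also set, or what happens when the client sends no matching header. Please state both cases explicitly, since this decides whose credentials reach the downstream API. The sentence listing `apiKey (header, query param, or cookie)` should also say how a client supplies a query-param or cookie key, because the example only shows the `Authorization` and `X-API-Key` headers. Smaller points in the same hunk: the example has a trailing comma after the `my-other-api` entry (`},` before the closing `}`), which strict JSON parsers reject, the fence has no language tag, and "pass-through" is used as a verb in "have the server pass-through client auth headers" where "pass through" is meant.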