Support auth token on MCP Inspector #780
Conversation
- π§ Bump InspectorVersion from 0.15.0 to 0.16.2 - π¦ Add inspectorVersion parameter to AddMcpInspector method
- β¨ Add ProxyTokenParameter to McpInspectorResource - π§ Update AddMcpInspector method to accept proxy token - β Implement authenticated health checks for server proxy endpoint - π§ͺ Add tests for proxy token generation and usage
There was a problem hiding this comment.
Pull Request Overview
This PR enhances the MCP Inspector integration with proxy token authentication support, moving away from the insecure DANGEROUSLY_OMIT_AUTH approach to proper authentication.
Key changes:
- Add proxy token parameter support to McpInspectorResource with automatic generation or custom token acceptance
- Replace insecure health checks with authenticated health checks for the server proxy endpoint
- Update extension methods to handle proxy token configuration and environment variables
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| McpInspectorResource.cs | Adds ProxyTokenParameter property to store authentication token |
| McpInspectorResourceBuilderExtensions.cs | Updates AddMcpInspector method with proxy token support and authenticated health checks |
| CommunityToolkit.Aspire.Hosting.McpInspector.csproj | Adds AspNetCore.HealthChecks.Uris package dependency |
| McpInspectorResourceBuilderExtensionsTests.cs | Adds tests for proxy token generation and custom token usage |
| AppHostTests.cs | Updates health check tests to use proper authentication with proxy token |
src/CommunityToolkit.Aspire.Hosting.McpInspector/McpInspectorResourceBuilderExtensions.cs
Show resolved
Hide resolved
src/CommunityToolkit.Aspire.Hosting.McpInspector/McpInspectorResource.cs
Show resolved
Hide resolved
| if (url.Endpoint is not null) | ||
| { | ||
| var uriBuilder = new UriBuilder(url.Url); | ||
| uriBuilder.Query = $"MCP_PROXY_AUTH_TOKEN={Uri.EscapeDataString(token!)}"; |
There was a problem hiding this comment.
Hmmmmm, interesting. This might not be the best practice right?
There was a problem hiding this comment.
It definitely feels dirty. No link and defer to getting it (the link) rom console log?
There was a problem hiding this comment.
However, this is the URI that is emitted in the console...so it's not like this surfaces a secret of sorts that isn't surfaced already.
src/CommunityToolkit.Aspire.Hosting.McpInspector/McpInspectorResourceBuilderExtensions.cs
Outdated
Show resolved
Hide resolved
aaronpowell
changed the title
- π Introduced McpInspectorOptions for better configuration management - π Updated AddMcpInspector methods to accept options - π οΈ Deprecated old overloads for cleaner API - π Enhanced README with usage examples for new options
There was a problem hiding this comment.
Thanks for the method refactor @timheuer - looks a lot cleaner now.
I'm good on the review front, just waiting on the comment from @davidfowl to see if there's any action we should take.
Closes #779
Enhance MCP Inspector with proxy token support
PR Checklist