You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are looking to create our own MCP Server using FastMCP that will be running alongside our Flask App. This will allow us to use the methods within our Flask App in the MCP Tools.
We are looking to use the MCP Tools in the Deep Researcher calls where we will respond to the /search and /fetch tool calls with the appropriate solutions.
Now we want to authenticate the requests from OpenAI. In the call we can add the header and include the Bearer token. We generate this bearer token using the OpenSSL public/private key pairs.
On the MCP Server BearerAuthProvider method within fastmcp along with the public keys and it all seems to work well.
Do you think there are any security issues with this implementation? Is there any other way we can include authentication without having to involve another Authorization Server or Identity Provider
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Hey Everyone!
We are looking to create our own MCP Server using FastMCP that will be running alongside our Flask App. This will allow us to use the methods within our Flask App in the MCP Tools.
We are looking to use the MCP Tools in the Deep Researcher calls where we will respond to the /search and /fetch tool calls with the appropriate solutions.
Now we want to authenticate the requests from OpenAI. In the call we can add the header and include the Bearer token. We generate this bearer token using the OpenSSL public/private key pairs.
On the MCP Server BearerAuthProvider method within fastmcp along with the public keys and it all seems to work well.
Do you think there are any security issues with this implementation? Is there any other way we can include authentication without having to involve another Authorization Server or Identity Provider
Beta Was this translation helpful? Give feedback.
All reactions