Skip to content

fix: Accept Authorization: Bearer header for MCP authentication #948

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
bokelley merged 3 commits into from
Jan 14, 2026
Merged

fix: Accept Authorization: Bearer header for MCP authentication #948

bokelley merged 3 commits into from
Jan 14, 2026

Conversation

@bokelley
Copy link
Contributor

@bokelley bokelley commented Jan 14, 2026

Summary

  • MCP clients like Anthropic only support the standard Authorization: Bearer header, not custom x-adcp-auth headers
  • This fix allows authentication via either header for compatibility with standard MCP clients
  • x-adcp-auth header takes precedence when both are present (backwards compatible)

Changes

  • Updated src/core/auth.py to check for Authorization: Bearer as a fallback when x-adcp-auth is not present
  • Bearer prefix matching is case-insensitive per RFC 6750
  • Empty tokens after Bearer prefix are rejected
  • Added comprehensive test coverage in tests/unit/test_auth_bearer_header.py

Test plan

  • Unit tests pass (uv run pytest tests/unit/test_auth_bearer_header.py)
  • All auth tests pass (uv run pytest tests/unit/ -k "auth" - 153 passed)
  • MCP endpoint tested with uvx adcp CLI tool

Note

The pre-existing failure in test_media_buy_create_helpers.py::TestGetFormatSpecSync::test_successful_format_retrieval is unrelated to this change - it also fails on main.

🤖 Generated with Claude Code

bokelley and others added 3 commits January 13, 2026 20:08
@bokelley @claude
fix: Accept Authorization: Bearer header for MCP authentication
645f35d 
MCP clients like Anthropic only support the standard Authorization: Bearer
header, not custom x-adcp-auth headers. This fix allows authentication via
either header for compatibility with standard MCP clients.

- x-adcp-auth header takes precedence when both are present (backwards compatible)
- Bearer prefix matching is case-insensitive per RFC 6750
- Empty tokens after Bearer prefix are rejected
- Added comprehensive test coverage

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@bokelley @claude
fix: Upgrade vulnerable deps and fix flaky unit test
6f31a4a 
- Upgrade filelock 3.20.1→3.20.3 (GHSA-qmgc-5h2g-mvrw)
- Upgrade urllib3 2.6.2→2.6.3 (GHSA-38jv-5279-wg99)
- Upgrade Werkzeug 3.1.4→3.1.5 (GHSA-87hc-h4r5-73f7)
- Fix test_media_buy_create_helpers.py to mock external HTTP calls
  instead of making real network requests to creative agent

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@bokelley
Merge remote-tracking branch 'origin/main' into bokelley/fix-auth-hea…
c4ab36b 
…der-check
BaiyuScope3
BaiyuScope3 approved these changes Jan 14, 2026
View reviewed changes
Copy link
Collaborator

@BaiyuScope3 BaiyuScope3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

E2E testing failing, but I'll leave a approve so we can merge it after it fixed

@bokelley bokelley merged commit a1ae3ff into main Jan 14, 2026
13 checks passed
@github-actions github-actions bot mentioned this pull request Jan 14, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BaiyuScope3 BaiyuScope3 BaiyuScope3 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bokelley @BaiyuScope3