Add token_provider for short-lived MCP auth in common.ai#68104
Merged
MCPHook built the MCP server with a single static Authorization header from the connection password, so it could not authenticate to MCP endpoints that require a freshly minted or short-lived token. The motivating case is a Snowflake managed MCP server, best authenticated with a key-pair JWT that expires after about an hour and cannot be stored as a static connection value; the same limit blocked OAuth/refresh tokens, Workload Identity Federation, and GitHub App installation tokens. MCPHook and MCPToolset now accept an optional token_provider callable. When set, it is invoked each time the HTTP/SSE server connection is established and its return value is used as the bearer token, overriding the static password. The minted token is registered with secret masking (matching the auto-masking the connection password already receives) so it does not leak into task logs, and a provider that returns a non-string or empty value fails loud instead of silently sending an unauthenticated request. token_provider is resolved in DAG code, so the signing key never enters the serialized DAG.
gopidesupavan approved these changes on Jun 5, 2026
Summary

MCPHook built the MCP server with a single static Authorization header taken from the connection password, so it could not authenticate to MCP endpoints that require a freshly minted or short-lived token. The motivating case is a Snowflake managed MCP server, best authenticated with a key-pair JWT that expires after about an hour and cannot be stored as a static value. The same limit blocked OAuth/refresh tokens, Workload Identity Federation, and GitHub App installation tokens. MCPHook and MCPToolset now accept an optional token_provider callable.

How it works

When token_provider is set, it is invoked each time the HTTP/SSE server connection is established and its return value is used as the bearer token, overriding the static password. token_provider is resolved in DAG code (a Python callable, not a stored connection field), so the signing key never enters the serialized DAG.

Usage

Gotchas

token_provider applies to HTTP/SSE transports only; it is ignored for stdio (which has no HTTP headers).
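The resolution rules the description lays out (provider output overrides the static password, a non-string or empty return fails loud, the minted token is registered for masking, stdio never consults the provider), as an added example that is not the PR's or the provider's own code. mask_secret, redact, resolve_bearer_token, build_headers, make_hs256_provider and jwt_claims are hypothetical names, and the HMAC-signed JWT is a constructed stand-in for a real key-pair JWT so the example runs offline.

```python
import base64, hashlib, hmac, json, time
from typing import Callable, Dict, Optional, Set

_masked_secrets: Set[str] = set()  # hypothetical stand-in for Airflow's secret masker

def mask_secret(value: str) -> None:
    _masked_secrets.add(value)

def redact(text: str) -> str:
    """Redact every registered secret, as a task-log filter would."""
    for secret in _masked_secrets:
        text = text.replace(secret, "***")
    return text

def resolve_bearer_token(password: Optional[str],
                         token_provider: Optional[Callable[[], str]]) -> Optional[str]:
    """Provider output overrides the static password; bad output fails loud; the token is masked."""
    if token_provider is None:
        return password
    token = token_provider()
    if not isinstance(token, str) or not token:
        raise ValueError(f"token_provider must return a non-empty str, got {token!r}")
    mask_secret(token)  # keep the fresh token out of task logs, like the password
    return token

def build_headers(transport: str, password: Optional[str],
                  token_provider: Optional[Callable[[], str]] = None) -> Dict[str, str]:
    """Headers for one server connection; stdio has no HTTP headers, so nothing is minted."""
    if transport == "stdio":
        return {}
    token = resolve_bearer_token(password, token_provider)
    return {"Authorization": f"Bearer {token}"} if token else {}

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_hs256_provider(secret: bytes, subject: str, ttl_seconds: int = 3600) -> Callable[[], str]:
    """Constructed minter: an HMAC-signed JWT with a fresh exp per call, standing in for a key-pair JWT."""
    def provider() -> str:
        now = int(time.time())
        header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        payload = _b64url(json.dumps({"sub": subject, "iat": now, "exp": now + ttl_seconds}).encode())
        sig = _b64url(hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest())
        return f"{header}.{payload}.{sig}"
    return provider

def jwt_claims(token: str) -> dict:
    """Decode the (unverified) payload so callers can inspect iat/exp of a minted token."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
```

Because the provider is called on every connection, each HTTP/SSE session gets its own token with its own exp, which is what makes the roughly one-hour Snowflake JWT workable without storing it in the connection.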