Fix MCP list_authorized_properties tenant detection without context #578
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Allow get_principal_from_context() to work even when context=None by removing early return. The function can still detect tenant via get_http_headers() which uses FastMCP context variables internally. This fixes MCP calls to list_authorized_properties without authentication, matching the A2A behavior fixed in the previous commit. Before: context=None → early return (None, None) → tenant detection failed After: context=None → try get_http_headers() → detect tenant from Apx-Incoming-Host Impact: - MCP list_authorized_properties now works without auth token - Tenant detected from HTTP headers (Apx-Incoming-Host, Host, x-adcp-tenant) - Matches A2A behavior (both protocols now support unauthenticated discovery) Testing: Will verify with test-agent.adcontextprotocol.org MCP endpoint
bokelley
added a commit
that referenced
this pull request
Oct 24, 2025
The session-based mode (stateless_http=False) introduced in PR #580 causes protocol compatibility issues with MCP clients, resulting in 'Unknown error' failures. Analysis: - FastMCP sessions require proper session establishment flow - Current MCP clients don't implement session management - Errors occur at protocol layer before our code executes - get_http_headers() works via context vars regardless of session mode Solution: - Revert to stateless_http=True (previous working state) - Keep all context safety fixes from PRs #577, #578, #580 - get_http_headers(include_all=True) still works for tenant detection This maintains A2A functionality while fixing MCP protocol compatibility.
4 tasks
EmmaLouise2018
pushed a commit
that referenced
this pull request
Oct 24, 2025
…578) Allow get_principal_from_context() to work even when context=None by removing early return. The function can still detect tenant via get_http_headers() which uses FastMCP context variables internally. This fixes MCP calls to list_authorized_properties without authentication, matching the A2A behavior fixed in the previous commit. Before: context=None → early return (None, None) → tenant detection failed After: context=None → try get_http_headers() → detect tenant from Apx-Incoming-Host Impact: - MCP list_authorized_properties now works without auth token - Tenant detected from HTTP headers (Apx-Incoming-Host, Host, x-adcp-tenant) - Matches A2A behavior (both protocols now support unauthenticated discovery) Testing: Will verify with test-agent.adcontextprotocol.org MCP endpoint
danf-newton
pushed a commit
to Newton-Research-Inc/salesagent
that referenced
this pull request
Nov 24, 2025
…dcontextprotocol#578) Allow get_principal_from_context() to work even when context=None by removing early return. The function can still detect tenant via get_http_headers() which uses FastMCP context variables internally. This fixes MCP calls to list_authorized_properties without authentication, matching the A2A behavior fixed in the previous commit. Before: context=None → early return (None, None) → tenant detection failed After: context=None → try get_http_headers() → detect tenant from Apx-Incoming-Host Impact: - MCP list_authorized_properties now works without auth token - Tenant detected from HTTP headers (Apx-Incoming-Host, Host, x-adcp-tenant) - Matches A2A behavior (both protocols now support unauthenticated discovery) Testing: Will verify with test-agent.adcontextprotocol.org MCP endpoint
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Completes the fix for test-agent.adcontextprotocol.org by enabling MCP
list_authorized_propertiesto work without authentication.This is the second part of the fix - PR #577 fixed A2A, this fixes MCP.
Problem
When
list_authorized_propertiesis called via MCP without an auth token:contextparameter isNoneget_principal_from_context()had early return whencontext=None→ returned(None, None)Solution
Remove the early return in
get_principal_from_context()whencontext=None:get_http_headers()uses FastMCP context variables internally, works without context object(None, tenant_context)for unauthenticated public discovery callsChanges
src/core/main.py:
if not context: return (None, None)get_http_headers()works via context varsImpact
list_authorized_propertiesnow works without authenticationTest Results (Expected)
Before:
After (both PRs):
publisher_domains✅ VERIFIEDpublisher_domains⏳ PENDING DEPLOYMENTRelated
get_http_headers(), just needed to remove guard🤖 Generated with Claude Code