Add Proc and Array support for auth_token #175

Open
kpheasey wants to merge 5 commits into yjacquin:main from MSPCFO:multi-token-authentication
@kpheasey kpheasey commented Apr 29, 2026

Summary

  • Allow auth_token to accept a Proc (evaluated once at initialization) in addition to a static string, enabling dynamic token resolution from environment variables or secrets managers
  • Allow auth_token to accept an Array of Strings, so multiple valid tokens can authenticate against the same server
  • Add 15 RSpec tests covering Proc (single string, array, and nil return values) and Array token validation
  • Update all documentation, YARD docstrings, examples, and generator templates to reflect the new accepted types

Motivation

In production deployments, it's common to need multiple valid API tokens (e.g., during token rotation, or when multiple clients each have their own token). It's also useful to resolve tokens dynamically from environment variables or a secrets manager rather than hardcoding them. This change enables both patterns with minimal API surface change.

Changes

  • lib/mcp/transports/authenticated_rack_transport.rb — Resolve Proc at init, check Array via include?
  • spec/mcp/transports/authenticated_rack_transport_spec.rb — 15 new tests (38 total, all passing)
  • README.md, docs/security.md — Expanded authentication docs with examples
  • lib/fast_mcp.rb — Updated YARD @option docstrings
  • examples/authenticated_rack_middleware.rb — Added usage comments
  • examples/rails-demo-app/config/initializers/fast_mcp.rb — Updated comment
  • lib/generators/fast_mcp/install/templates/fast_mcp_initializer.rb — Updated generator template

Usage

# Static token (existing behavior, unchanged)
auth_token: 'your-secret-token'

# Multiple valid tokens
auth_token: ['token-one', 'token-two']

# Proc evaluated at initialization
auth_token: -> { ENV.fetch('MCP_AUTH_TOKENS').split(',') }

Test plan

  • All 38 authenticated_rack_transport specs pass (23 existing + 15 new)
  • Proc returning a single string resolves and authenticates correctly
  • Proc returning an array resolves and validates any token in the array
  • Proc returning nil disables authentication
  • Array token accepts any valid token and rejects invalid ones
  • Existing single-string token behavior is unchanged

kpheasey and others added 5 commits September 17, 2025 10:28
- Initialize method now evaluates Proc auth tokens and stores result
- valid_token? method checks for token existence in Array auth tokens
- Maintains backward compatibility with existing string tokens

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

Cover the multi-token authentication changes: Proc resolution at
initialization (single string, array, and nil return values) and
Array-based token validation via include? matching.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Update all documentation, YARD docstrings, examples, and generator
templates to reflect that auth_token accepts a String, Array of Strings,
or a Proc that returns either.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>