ChatGPT App User Authentication: Mixed Mode

Hello everyone,

I’m currently testing the mixed authentication mode of ChatGPT App, where some tools don’t require OAuth, but others do. I’ve followed the implementation guidelines, but I noticed that when I add the app for testing and select Mixed as the authentication mode, the authentication UI is triggered immediately.

Is this the expected behavior? I was under the impression that the OAuth UI would only appear when a user attempts to use a tool configured with an OAuth2 securityScheme.

Any clarification would be appreciated.

I noticed the same thing. Just select None (No Auth) and it will work just fine.

Thanks for the insight. Have you been able to finish the authentication and tool calling? I find that in this mode, there isn’t an auth token attached in the request header.

Yes, it works. The trick is in the metadata. Let me check my code.

For unauthenticated tool calls, use the “noauth” value in your securitySchemes array when defining the Tool.

    securitySchemes = [
        {
            "type": "noauth",
            "scopes": []
        },
    ],

For authenticated calls:

    securitySchemes = [
        {
            "type": "oauth2",
            "scopes": []
        },
    ],

Once you are inside the tool call method, you can get the bearer token like this:

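    # `mcp` is your MCP server object; run this inside the tool call method.
    request_context = mcp._mcp_server.request_context
    request = getattr(request_context, "request", None)
    headers = getattr(request, "headers", None)
    # The header can be absent (e.g. a noauth call), so default to "".
    header_value = (headers.get("Authorization") if headers else None) or ""
    scheme, _, token = header_value.strip().partition(" ")
    # Accept only "Bearer <token>"; anything else means no token.
    token = token.strip() if scheme.lower() == "bearer" else ""
    token = token or None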

Of course, once you have the token, you’ll need to verify it.
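A sketch of the verification step mentioned above, combined with per-tool gating on the `noauth` / `oauth2` scheme types. This is an added example, not code from the thread or from any SDK; it checks an HS256-signed JWT using only the standard library, and the secret, issuer, audience and tool names are assumptions (a real OAuth provider typically signs with an asymmetric key and publishes it via JWKS).

```python
import base64, hashlib, hmac, json, time

# Assumed values for this sketch (not from the thread).
SECRET = b"constructed-demo-secret"
ISSUER = "https://auth.example.com"
AUDIENCE = "https://mcp.example.com"
# Per-tool scheme types, mirroring the securitySchemes entries above.
TOOL_SCHEMES = {"search_docs": ["noauth"], "list_orders": ["oauth2"]}

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, alg="HS256"):
    """Build a constructed sample token for the demo."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def verify_token(token, now=None):
    """Return the claims if the token is valid, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64d(head)).get("alg") != "HS256":  # pin the algorithm
            return None
        want = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, _b64d(sig)):  # constant-time compare
            return None
        claims = json.loads(_b64d(body))
        if not isinstance(claims, dict):
            return None
    except (ValueError, AttributeError, TypeError):
        return None
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        return None
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        return None
    return claims

def authorize(tool, headers):
    """Decide whether a call to `tool` may proceed: (allowed, claims)."""
    schemes = TOOL_SCHEMES.get(tool, ["oauth2"])  # unknown tools fail closed
    scheme, _, token = (headers.get("Authorization") or "").strip().partition(" ")
    claims = verify_token(token.strip()) if scheme.lower() == "bearer" else None
    if claims is not None or "noauth" in schemes:
        return True, claims
    return False, None
```

A `noauth` tool is allowed with `claims` set to `None` (a guest call), while an `oauth2` tool is refused unless the token passes every check.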

Hey guys! Just to help you with it. When you add the app, it for some reason triggers the authentication flow, but if you disconnect the app and connect again (which would be the flow that the user would do) you will be able to connect without authenticating. This way you can reproduce a user using your app as a guest.