From 1ebc3ab04e6d713256ce526d089c37560d062aad Mon Sep 17 00:00:00 2001 From: Tim O'Farrell Date: Fri, 17 Oct 2025 10:32:36 -0600 Subject: [PATCH] Fix FastMCP authentication API breaking change (#11416) Co-authored-by: openhands --- openhands/runtime/mcp/proxy/manager.py | 15 +++++++++++++-- poetry.lock | 4 ++-- pyproject.toml | 2 +- 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/openhands/runtime/mcp/proxy/manager.py b/openhands/runtime/mcp/proxy/manager.py index e3c0c675ca..a9234de30b 100644 --- a/openhands/runtime/mcp/proxy/manager.py +++ b/openhands/runtime/mcp/proxy/manager.py @@ -10,6 +10,7 @@ from typing import Any, Optional from anyio import get_cancelled_exc_class from fastapi import FastAPI from fastmcp import FastMCP +from fastmcp.server.auth import StaticTokenVerifier from fastmcp.utilities.logging import get_logger as fastmcp_get_logger from openhands.core.config.mcp_config import MCPStdioServerConfig @@ -59,11 +60,21 @@ class MCPProxyManager: ) return None + # Create authentication provider if auth is enabled + auth_provider = None + if self.auth_enabled and self.api_key: + # Use StaticTokenVerifier for simple API key authentication + auth_provider = StaticTokenVerifier( + {self.api_key: {'client_id': 'openhands', 'scopes': []}} + ) + logger.info('FastMCP Proxy authentication enabled') + else: + logger.info('FastMCP Proxy authentication disabled') + # Create a new proxy with the current configuration self.proxy = FastMCP.as_proxy( self.config, - auth_enabled=self.auth_enabled, - api_key=self.api_key, + auth=auth_provider, ) logger.info('FastMCP Proxy initialized successfully') diff --git a/poetry.lock b/poetry.lock index 7c4ecdf4f0..f563ac871a 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1,4 +1,4 @@ -# This file is automatically @generated by Poetry 2.1.4 and should not be changed by hand. +# This file is automatically @generated by Poetry 2.2.1 and should not be changed by hand. [[package]] name = "aiofiles" @@ -12608,4 +12608,4 @@ third-party-runtimes = ["daytona", "e2b-code-interpreter", "modal", "runloop-api [metadata] lock-version = "2.1" python-versions = "^3.12,<3.14" -content-hash = "6973cf1c9ccb0d6926006697ae4863bcd0ab740a88f09fc17c205e016782cf77" +content-hash = "38201ae2a56788a893231d07f66974285f3cd70b670aa1d0e36374e3febf03b9" diff --git a/pyproject.toml b/pyproject.toml index 5f587d382f..00725dcd7a 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -73,7 +73,7 @@ prompt-toolkit = "^3.0.50" poetry = "^2.1.2" anyio = "4.9.0" pythonnet = "*" -fastmcp = "^2.5.2" +fastmcp = "^2.12.4" # Note: 2.12.0+ has breaking auth API changes python-frontmatter = "^1.1.0" shellingham = "^1.5.4" # TODO: Should these go into the runtime group?