From 13ed655ecb7b73e9ce37a22ea07a171db517cf64 Mon Sep 17 00:00:00 2001 From: yonigottesman Date: Fri, 2 May 2025 14:06:44 +0300 Subject: [PATCH] When no authorization is required dont fail on missing user scope --- src/mcp/server/auth/middleware/bearer_auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mcp/server/auth/middleware/bearer_auth.py b/src/mcp/server/auth/middleware/bearer_auth.py index 295605af7..a16ed3f63 100644 --- a/src/mcp/server/auth/middleware/bearer_auth.py +++ b/src/mcp/server/auth/middleware/bearer_auth.py @@ -74,7 +74,7 @@ def __init__(self, app: Any, required_scopes: list[str]): async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None: auth_user = scope.get("user") - if not isinstance(auth_user, AuthenticatedUser): + if not isinstance(auth_user, AuthenticatedUser) and self.required_scopes: raise HTTPException(status_code=401, detail="Unauthorized") auth_credentials = scope.get("auth")