MCP Streamable HTTP Transport Auth Issue

General
,
1

Hello everyone,

I’m having an issue with the following scenario and would appreciate any feedback or suggestions.

Background
I’m following the official documentation for FastMCP’s Bearer authentication:
https://gofastmcp.com/servers/auth/bearer

I set up a test MCP server as follows:

from fastmcp import FastMCP
from fastmcp.server.auth import BearerAuthProvider
from fastmcp.server.auth.providers.bearer import RSAKeyPair

# Generate a new key pair
key_pair = RSAKeyPair.generate()

# Configure the auth provider with the public key
auth = BearerAuthProvider(
    public_key=key_pair.public_key,
    issuer="https://dev.example.com",
    audience="my-dev-server"
)

# Initialize the MCP server
mcp = FastMCP(name="Development Server", auth=auth)

Then, in my Agent code, I generate a token and configure the client:

from fastmcp.server.auth.providers.bearer import RSAKeyPair
from fastmcp.client.http import StreamableHTTPClientParams
from fastmcp.tools import MCPTools

# Generate another key pair for the client (actually should use the same one?)
key_pair = RSAKeyPair.generate()

# Create a test JWT
token = key_pair.create_token(
    subject="dev-user",
    issuer="https://dev.example.com",
    audience="my-dev-server",
    scopes=["read", "write"]
)

# Prepare HTTP client parameters with the Bearer token
server_params = StreamableHTTPClientParams(
    url=MY_MCP_URL,
    headers={
        "Authorization": f"Bearer {token}",
    }
)

# Use the MCPTools context
async with MCPTools(server_params=server_params) as mcp_tools:
    # …perform calls…

Problem
Whenever I run the agent, I receive immediately :

401 Unauthorized

Any suggestion?

Thanks in advance for your help!

2

Hi @NTTLuke
thanks for reaching out and supporting Agno. I’ve shared this with the team, we’re working through all requests one by one and will get back to you soon.
If it’s urgent, please let us know. We appreciate your patience!

3

Hey @NTTLuke! Based on the code you shared, you seem to be creating two different key pairs. One in the file where you set your MCP server, and a new one in the file where you set your Agent.
You need to be using the same one for the auth process to work.

You will first setup the MCP server, so from the other file (the one where you set your Agent), you should be importing the key pair used for the MCP server.

Let me know if this helps or if I can do anything else for you! And thanks for using Agno!