MCP Servers often need to talk with an external API that requires user authentication.
While sophisticated authentication and authorization are preferred, a first simple approach is to allow users to pass the API Token via a header to the Tool. This could be the Authorization header. However, as this may already be used for the authentication at the MCP Server (or Gateway), we'll use X-External-Token instead.
In a follow-up issue, we'll make this more configurable, but for this task, it should be the static header that is always passed to all connected MCP Servers and all Sub-Agents.
This can be done by hooking into the ADK, capturing the header from the intial A2A request, store it in the session (at a secure location, where the agent can not retrieve it) and inject it when calling a remote MCP Tool.
MCP Servers often need to talk with an external API that requires user authentication.
While sophisticated authentication and authorization are preferred, a first simple approach is to allow users to pass the API Token via a header to the Tool. This could be the
Authorizationheader. However, as this may already be used for the authentication at the MCP Server (or Gateway), we'll useX-External-Tokeninstead.In a follow-up issue, we'll make this more configurable, but for this task, it should be the static header that is always passed to all connected MCP Servers and all Sub-Agents.
This can be done by hooking into the ADK, capturing the header from the intial A2A request, store it in the session (at a secure location, where the agent can not retrieve it) and inject it when calling a remote MCP Tool.