Authentication when calling tools

[jfdenise]

Pre-submission Checklist

• I have verified this would not be more appropriate as a feature request in a specific repository
• I have searched existing discussions to avoid duplicates

Your Idea

It is very common to provide credentials (eg: user name, password) when interacting with a tool. We need a way to avoid such credentials to appear in the chat history.
Some ideas:

• Define MCP server Tool argument of type UserName/Password, Token, ... So we could type the argument to be in the "secret" category.
• The chat to prompt the user and store the credentials.
• The chat could allow to create named secrets.
• The chat could provide a list of known named secrets to the user when calling a tool, user would then select the one to use for this specific tool call.

This seems needed both at the server side and client side + claude UI.
Thank-you.

Scope

• Protocol Specification
• SDK Features
• Documentation
• Developer Experience
• Other

[tadasant]

This is being addressed via OAuth: modelcontextprotocol/specification#133

[JoshMayerr]

I built a simple utility that lets you sync your browser auth to any local MCP server that's running: https://github.com/JoshMayerr/passport-mcp

So auth is theoretically taken care of for any website that you already have logged into on your browser. (this obviously doesn't work for remote MCP servers)