MCP Server Box

Overview Inspect Schema Related Servers Score Discussions

auth_token.py•2.7 kB

import logging from typing import Optional from fastapi import status from starlette.responses import JSONResponse from config import McpAuthConfig logger = logging.getLogger(__name__) def auth_validate_token(scope, config: "McpAuthConfig") -> Optional[JSONResponse]: """ Validate if the auth token is properly configured. Args: scope: ASGI scope containing request information config: McpAuthConfig containing the expected auth token Returns: Optional[JSONResponse]: Error response if validation fails, None if successful """ path = scope["path"] logger.debug(f"Token validation processing: {scope['method']} {path}") expected_token = config.auth_token # Extract authorization header headers = dict(scope.get("headers", [])) auth_header = headers.get(b"authorization", b"").decode("utf-8") # Validate authentication response = None if not expected_token: logger.error("BOX_MCP_SERVER_AUTH_TOKEN not configured") response = JSONResponse( content={ "error": "invalid_token", "error_description": "Server authentication not properly configured", }, status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, ) elif not auth_header: logger.warning( f"[Token] Missing authorization header for {scope['method']} {path}" ) response = JSONResponse( content={ "error": "invalid_request", "error_description": "Missing Authorization header", }, status_code=status.HTTP_401_UNAUTHORIZED, ) elif not auth_header.startswith("Bearer "): logger.warning("[Token] Invalid authorization header format") response = JSONResponse( content={ "error": "invalid_request", "error_description": "Authorization header must use Bearer scheme", }, status_code=status.HTTP_401_UNAUTHORIZED, ) else: token = auth_header.replace("Bearer ", "") if token != expected_token: logger.warning(f"[Token] Invalid token for {scope['method']} {path}") response = JSONResponse( content={ "error": "invalid_token", "error_description": "The access token is invalid or expired", }, status_code=status.HTTP_401_UNAUTHORIZED, ) else: logger.debug( f"[Token] Token authentication successful for {scope['method']} {path}" ) return None return response

Latest Blog Posts

Model Context Protocol Proxies: Enabling Enterprise Control with Virtual MCPs
By Om-Shree-0709 on December 9, 2025.
AI Security
Virtual MCP
Kubernetes Operator
The State of MCP in 2025: Who's Building What and Why It Matters
By punkpeye on December 7, 2025.
mcp
startups
MCP hosting with persistent storage
By punkpeye on December 6, 2025.
changelog

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/box-community/mcp-server-box'

If you have feedback or need assistance with the MCP directory API, please join our Discord server