auth_status
Check authentication status on CyberMCP to identify vulnerabilities such as bypasses, injection attacks, or data leaks in APIs.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||
Implementation Reference
- src/tools/authentication.ts:197-235 (handler)The handler function that executes the logic for the 'auth_status' tool. It retrieves the current authentication state using AuthManager and constructs a detailed status message based on the auth type, including token details, expiry, and headers.
async () => { const authManager = AuthManager.getInstance(); const authState = authManager.getAuthState(); let statusText = ""; if (authState.type === 'none') { statusText = "No authentication configured. Use basic_auth, token_auth, oauth2_auth, or api_login to authenticate."; } else { statusText = `Current authentication type: ${authState.type}\n`; if (authState.type === 'basic') { statusText += `Username: ${authState.username}\n`; statusText += `Authentication header: Authorization: Basic ***\n`; } else if (authState.type === 'token' || authState.type === 'oauth2') { statusText += `Token: ${authState.token?.substring(0, 10)}***\n`; if (authState.refreshToken) { statusText += `Refresh token: Available\n`; } if (authState.tokenExpiry) { const now = new Date(); const isExpired = now > authState.tokenExpiry; statusText += `Token expires: ${authState.tokenExpiry.toISOString()} (${isExpired ? 'EXPIRED' : 'Valid'})\n`; } if (authState.headers) { statusText += `Authentication headers: ${Object.keys(authState.headers).join(', ')}\n`; } } } return { content: [ { type: "text", text: statusText, }, ], }; } - src/tools/authentication.ts:194-236 (registration)Registration of the 'auth_status' tool in the registerAuthenticationTools function using server.tool(). Includes empty input schema (no parameters) and references the inline handler.
server.tool( "auth_status", {}, async () => { const authManager = AuthManager.getInstance(); const authState = authManager.getAuthState(); let statusText = ""; if (authState.type === 'none') { statusText = "No authentication configured. Use basic_auth, token_auth, oauth2_auth, or api_login to authenticate."; } else { statusText = `Current authentication type: ${authState.type}\n`; if (authState.type === 'basic') { statusText += `Username: ${authState.username}\n`; statusText += `Authentication header: Authorization: Basic ***\n`; } else if (authState.type === 'token' || authState.type === 'oauth2') { statusText += `Token: ${authState.token?.substring(0, 10)}***\n`; if (authState.refreshToken) { statusText += `Refresh token: Available\n`; } if (authState.tokenExpiry) { const now = new Date(); const isExpired = now > authState.tokenExpiry; statusText += `Token expires: ${authState.tokenExpiry.toISOString()} (${isExpired ? 'EXPIRED' : 'Valid'})\n`; } if (authState.headers) { statusText += `Authentication headers: ${Object.keys(authState.headers).join(', ')}\n`; } } } return { content: [ { type: "text", text: statusText, }, ], }; } ); - src/utils/authManager.ts:74-76 (helper)The getAuthState() method of AuthManager class, which is called by the auth_status handler to obtain the current authentication state object.
public getAuthState(): AuthState { return { ...this.authState }; } - src/tools/index.ts:13-13 (registration)High-level registration call in registerSecurityTools that invokes registerAuthenticationTools, which registers the auth_status tool among others.
registerAuthenticationTools(server); - src/utils/authManager.ts:6-15 (helper)AuthState interface defining the structure of authentication state used by getAuthState() and processed in the auth_status handler.
export interface AuthState { type: 'token' | 'oauth2' | 'basic' | 'none'; token?: string; refreshToken?: string; tokenExpiry?: Date; username?: string; password?: string; // Note: In a production app, we'd use more secure storage oauthTokens?: any; headers?: Record<string, string>; }