Skip to content

Document Bearer Token auth for remote MCP servers#843

Open
peppescg wants to merge 5 commits intomainfrom
doc-bearer-token-auth
Open

Document Bearer Token auth for remote MCP servers#843
peppescg wants to merge 5 commits intomainfrom
doc-bearer-token-auth

Conversation

@peppescg
Copy link
Copy Markdown
Contributor

@peppescg peppescg commented May 5, 2026
edited
Loading

Summary

  • Add Bearer Token authentication documentation to the remote MCP server configuration sections (both add and edit flows) in run-mcp-servers.mdx
  • Add a Bearer Token example (using Brave Search) to the remote auth examples partial
  • Update transition text to reflect all four auth methods (Auto-Discovered, Bearer Token, OAuth2, OIDC)
  • Clarify that Bearer Token sends an Authorization: Bearer <token> header specifically, and that servers expecting other headers (e.g. X-API-Key) should use Custom headers
  • Add missing PKCE option to OAuth2 fields in the custom remote MCP section for consistency with the registry remote MCP section

Closes #767

Test plan

  • Verify the Bearer Token section renders correctly on the "Run MCP servers" page
  • Verify the Bearer Token example appears in the collapsible auth examples
  • Confirm field descriptions match the ToolHive Studio UI
  • Confirm OAuth2 fields (including PKCE) are consistent between registry and custom remote sections

🤖 Generated with Claude Code

@peppescg @claude
Document Bearer Token auth for remote MCP servers
a3c15c3 
Closes #767

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings May 5, 2026 17:19
@vercel
Copy link
Copy Markdown

vercel Bot commented May 5, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
docs-website Ready Ready Preview, Comment May 6, 2026 11:19am

Request Review

@peppescg peppescg self-assigned this May 5, 2026
Copilot AI reviewed May 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the ToolHive UI documentation to cover Bearer Token authentication for remote MCP servers, aligning the “Run MCP servers” guide and its remote-auth examples with the four authorization methods available in ToolHive Studio.

Changes:

  • Adds a Bearer Token subsection to both the “add remote MCP server” and “edit/custom remote MCP server” authorization method flows in run-mcp-servers.mdx.
  • Adds a new remote auth example showing Bearer Token configuration (Brave Search) in the shared examples partial.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
docs/toolhive/guides-ui/run-mcp-servers.mdx Documents Bearer Token auth selection and its required field(s) in both remote MCP configuration flows.
docs/toolhive/_partials/_remote-mcp-auth-examples.mdx Adds a Bearer Token authentication example to the collapsible remote auth examples section.

Comment thread docs/toolhive/guides-ui/run-mcp-servers.mdx
Comment thread docs/toolhive/guides-ui/run-mcp-servers.mdx
@peppescg @claude
Clarify Bearer Token secret storage description
94bb7fd 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@peppescg @claude
Clarify secret storage description for OAuth2 and OIDC
6a31562 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@peppescg peppescg marked this pull request as ready for review May 5, 2026 17:34
@peppescg peppescg requested a review from Copilot May 5, 2026 17:35
Copilot AI reviewed May 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

Comment thread docs/toolhive/guides-ui/run-mcp-servers.mdx Outdated
Comment thread docs/toolhive/guides-ui/run-mcp-servers.mdx Outdated
Comment thread docs/toolhive/_partials/_remote-mcp-auth-examples.mdx Outdated
Comment thread docs/toolhive/_partials/_remote-mcp-auth-examples.mdx Outdated
@peppescg @claude
Clarify Bearer Token is for Authorization header only
b1dab17 
Tighten wording to specify that Bearer Token auth sends an
Authorization: Bearer header, and that servers expecting different
headers (e.g. X-API-Key) should use Custom headers instead.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@peppescg peppescg requested a review from Copilot May 6, 2026 08:22
Copilot AI reviewed May 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

Comment thread docs/toolhive/guides-ui/run-mcp-servers.mdx
@peppescg @claude
Add missing PKCE option to custom remote OAuth2 docs
b148453 
The PKCE toggle is available in the UI for OAuth2 in both registry
and custom remote flows, but was only documented for registry.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@peppescg peppescg

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Gap]: Document Bearer Token auth for remote MCP servers

2 participants

@peppescg