Fix the issue of get Authorization header fails during bearer auth (#637)

Co-authored-by: yangben <yangben@zhihu.com>
2025-12-19 14:54:24 +01:00 · 2025-05-08 00:42:02 +08:00
parent 9d99aee014
commit a1307abded
2 changed files with 70 additions and 2 deletions
--- a/src/mcp/server/auth/middleware/bearer_auth.py
+++ b/src/mcp/server/auth/middleware/bearer_auth.py
@@ -34,8 +34,15 @@ class BearerAuthBackend(AuthenticationBackend):
        self.provider = provider

    async def authenticate(self, conn: HTTPConnection):
-        auth_header = conn.headers.get("Authorization")
-        if not auth_header or not auth_header.startswith("Bearer "):
+        auth_header = next(
+            (
+                conn.headers.get(key)
+                for key in conn.headers
+                if key.lower() == "authorization"
+            ),
+            None,
+        )
+        if not auth_header or not auth_header.lower().startswith("bearer "):
            return None

        token = auth_header[7:]  # Remove "Bearer " prefix