Skip to content

Create North Auth Provider for General FastMCP Usage #41

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
JoshBragg-Cohere wants to merge 10 commits into
base: main
Choose a base branch
from
Draft

Create North Auth Provider for General FastMCP Usage #41

JoshBragg-Cohere wants to merge 10 commits into from
+3,758 −613

Conversation

@JoshBragg-Cohere
Copy link
Contributor

@JoshBragg-Cohere JoshBragg-Cohere commented Feb 10, 2026

Design Document: https://www.notion.so/cohereai/MCP-North-Auth-Provider-3024398375db80398ce3e8e7ab828604

Changes:

  • Updated dependencies
    • mcp -> fastmcp: changed dependency to ensure fastmcp imports were available (necessary for authprovider)
      • asgi-lifespan: required for tests
      • ruff: required for linting
  • src/north_mcp_python_sdk/__init__.py
    • Changed NorthMCPServer to use FastMCP server as superclass
    • Updated initialization to use NorthTokenVerifier auth provider (this provider automatically applies middleware, so removed the manual middleware injection)
  • src/north_mcp_python_sdk/auth.py
    • Fixed linting issues
    • Marked get_authenticated_user as deprecated (subject to change in design doc)
    • Implementation of get_authenticated_user now creates a user object from the access token
    • Removed AuthContextMiddleware (no longer required to attach user to context, instead use built in access token dependency injection)
    • Updated _parse_connector_tokens to use implementation from feat: FastMCPNorthMiddleware for easier FastMCP integration #29
    • _create_authenticated_user now creates a base AuthenticatedUser instead of custom AuthenticatedNorthUser
    • Marked server secrets and connector access tokens as deprecated (subject to change in design doc)
    • Implemented NorthTokenVerifier
      • Class implements FastMCP AuthProvider pattern
      • Provides necessary middleware with NorthAuthBackend used to handle key authentication
      • verify_token method is required to be defined from superclass, but in our implementation the auth backend does not call the token verifier function and instead implements this itself
  • Updated unit tests to run on new codebase

raphael-cohere
raphael-cohere reviewed Feb 11, 2026
View reviewed changes
src/north_mcp_python_sdk/__init__.py


class NorthMCPServer(FastMCP):
_server_secret: str | None
Copy link
Collaborator

@raphael-cohere raphael-cohere Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What are these for? Why are we defining class variables here?

Copy link
Contributor Author

@JoshBragg-Cohere JoshBragg-Cohere Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added these to address the linter issues I was seeing. Type annotation for attribute '_server_secret' is required because this class is not decorated with '@final'

image

If we don't want to strictly define these types, we can look to remove it. I can also look to lessen my pyright strictness level.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@raphael-cohere raphael-cohere raphael-cohere left review comments

@speterkins speterkins Awaiting requested review from speterkins

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JoshBragg-Cohere @raphael-cohere