diff --git a/docs/my-website/docs/mcp.md b/docs/my-website/docs/mcp.md index 9fd803f434..408560e5c0 100644 --- a/docs/my-website/docs/mcp.md +++ b/docs/my-website/docs/mcp.md @@ -1221,7 +1221,6 @@ curl --location 'http://localhost:4000/github_mcp/mcp' \ LiteLLM v 1.77.6 added support for OAuth 2.0 Client Credentials for MCP servers. - This configuration is currently available on the config.yaml, with UI support coming soon. ```yaml @@ -1235,6 +1234,71 @@ mcp_servers: [**See Claude Code Tutorial**](./tutorials/claude_responses_api#connecting-mcp-servers) +### How It Works + +```mermaid +sequenceDiagram + participant Browser as User-Agent (Browser) + participant Client as Client + participant LiteLLM as LiteLLM Proxy + participant MCP as MCP Server (Resource Server) + participant Auth as Authorization Server + + Note over Client,LiteLLM: Step 1 – Resource discovery + Client->>LiteLLM: GET /.well-known/oauth-protected-resource/{mcp_server_name}/mcp + LiteLLM->>Client: Return resource metadata + + Note over Client,LiteLLM: Step 2 – Authorization server discovery + Client->>LiteLLM: GET /.well-known/oauth-authorization-server/{mcp_server_name} + LiteLLM->>Client: Return authorization server metadata + + Note over Client,Auth: Step 3 – Dynamic client registration + Client->>LiteLLM: POST /{mcp_server_name}/register + LiteLLM->>Auth: Forward registration request + Auth->>LiteLLM: Issue client credentials + LiteLLM->>Client: Return client credentials + + Note over Client,Browser: Step 4 – User authorization (PKCE) + Client->>Browser: Open authorization URL + code_challenge + resource + Browser->>Auth: Authorization request + Note over Auth: User authorizes + Auth->>Browser: Redirect with authorization code + Browser->>LiteLLM: Callback to LiteLLM with code + LiteLLM->>Browser: Redirect back with authorization code + Browser->>Client: Callback with authorization code + + Note over Client,Auth: Step 5 – Token exchange + Client->>LiteLLM: Token request + code_verifier + resource + LiteLLM->>Auth: Forward token request + Auth->>LiteLLM: Access (and refresh) token + LiteLLM->>Client: Return tokens + + Note over Client,MCP: Step 6 – Authenticated MCP call + Client->>LiteLLM: MCP request with access token + LiteLLM API key + LiteLLM->>MCP: MCP request with Bearer token + MCP-->>LiteLLM: MCP response + LiteLLM-->>Client: Return MCP response +``` + +**Participants** + +- **Client** – The MCP-capable AI agent (e.g., Claude Code, Cursor, or another IDE/agent) that initiates OAuth discovery, authorization, and tool invocations on behalf of the user. +- **LiteLLM Proxy** – Mediates all OAuth discovery, registration, token exchange, and MCP traffic while protecting stored credentials. +- **Authorization Server** – Issues OAuth 2.0 tokens via dynamic client registration, PKCE authorization, and token endpoints. +- **MCP Server (Resource Server)** – The protected MCP endpoint that receives LiteLLM’s authenticated JSON-RPC requests. +- **User-Agent (Browser)** – Temporarily involved so the end user can grant consent during the authorization step. + +**Flow Steps** + +1. **Resource Discovery**: The client fetches MCP resource metadata from LiteLLM’s `.well-known/oauth-protected-resource` endpoint to understand scopes and capabilities. +2. **Authorization Server Discovery**: The client retrieves the OAuth server metadata (token endpoint, authorization endpoint, supported PKCE methods) through LiteLLM’s `.well-known/oauth-authorization-server` endpoint. +3. **Dynamic Client Registration**: The client registers through LiteLLM, which forwards the request to the authorization server (RFC 7591). If the provider doesn’t support dynamic registration, you can pre-store `client_id`/`client_secret` in LiteLLM (e.g., GitHub MCP) and the flow proceeds the same way. +4. **User Authorization**: The client launches a browser session (with code challenge and resource hints). The user approves access, the authorization server sends the code through LiteLLM back to the client. +5. **Token Exchange**: The client calls LiteLLM with the authorization code, code verifier, and resource. LiteLLM exchanges them with the authorization server and returns the issued access/refresh tokens. +6. **MCP Invocation**: With a valid token, the client sends the MCP JSON-RPC request (plus LiteLLM API key) to LiteLLM, which forwards it to the MCP server and relays the tool response. + +See the official [MCP Authorization Flow](https://modelcontextprotocol.io/specification/2025-06-18/basic/authorization#authorization-flow-steps) for additional reference. + ## Using your MCP with client side credentials Use this if you want to pass a client side authentication token to LiteLLM to then pass to your MCP to auth to your MCP. diff --git a/litellm/proxy/_experimental/mcp_server/mcp_server_manager.py b/litellm/proxy/_experimental/mcp_server/mcp_server_manager.py index 1e301c9589..94bfb9a500 100644 --- a/litellm/proxy/_experimental/mcp_server/mcp_server_manager.py +++ b/litellm/proxy/_experimental/mcp_server/mcp_server_manager.py @@ -823,7 +823,7 @@ class MCPServerManager: try: client = get_async_httpx_client( llm_provider=httpxSpecialProvider.MCP, - params={"timeout": 10.0, "follow_redirects": True}, + params={"timeout": 10.0}, ) response = await client.get(resource_metadata_url) response.raise_for_status() @@ -919,7 +919,7 @@ class MCPServerManager: try: client = get_async_httpx_client( llm_provider=httpxSpecialProvider.MCP, - params={"timeout": 10.0, "follow_redirects": True}, + params={"timeout": 10.0}, ) response = await client.get(url) response.raise_for_status()