Files
litellm/tests/test_litellm/proxy/_experimental
Ishaan Jaff 66eadfabe4 [Bug] Ensure MCP permissions are enforced when using JWT Auth (#20383)
* fix: enforce team MCP permissions when using JWT authentication

Root cause: When JWT auth was used with teams in groups (via team_ids_jwt_field),
the team's MCP permissions were not being enforced because:

1. The default team_allowed_routes did not include mcp_routes
2. allowed_routes_check() failed for MCP endpoints like /mcp/tools/list
3. find_team_with_model_access() skipped the team due to failed route check
4. team_id was None in UserAPIKeyAuth
5. MCPRequestHandler._get_allowed_mcp_servers_for_team() returned empty list

Fix: Add 'mcp_routes' to the default team_allowed_routes in LiteLLM_JWTAuth.

This ensures that teams can access MCP endpoints by default, allowing the
team's MCP server permissions to be properly enforced.

Added tests:
- test_reproduce_jwt_mcp_enforcement_issue: Reproduces the exact bug scenario
- test_verify_mcp_routes_in_default_team_allowed_routes: Verifies fix
- test_mcp_route_check_passes_for_team: Verifies route check works

Co-authored-by: ishaan <ishaan@berri.ai>

* test: add comprehensive E2E tests for JWT + team MCP permission enforcement

Added tests:
- test_e2e_jwt_team_mcp_permissions_enforced: Full E2E test verifying JWT auth
  with teams in groups properly sets team_id and MCPRequestHandler returns
  the team's MCP servers
- test_e2e_jwt_without_team_no_mcp_servers: Verifies no MCP servers returned
  when JWT has no teams
- test_e2e_jwt_team_mcp_key_intersection: Verifies intersection logic when
  both key and team have MCP permissions (result = intersection)

These tests verify the complete flow:
1. JWT token with team in groups field
2. JWT auth properly sets team_id on UserAPIKeyAuth
3. MCPRequestHandler.get_allowed_mcp_servers() returns team's MCP servers
4. Key/team permission intersection works correctly

Co-authored-by: ishaan <ishaan@berri.ai>

* test: add simple tests for JWT + MCP permission enforcement

Simple, focused tests that validate:
1. test_simple_jwt_mcp_permissions_enforced: JWT user with team gets team's MCP servers
2. test_simple_jwt_no_team_no_mcp_servers: JWT user without team gets no MCP servers
3. test_simple_jwt_team_id_required_for_mcp_permissions: Verifies team_id is required
4. test_jwt_auth_sets_team_id_for_mcp_route: JWT auth sets team_id for MCP routes

These tests directly verify the core MCP permission enforcement logic works
when using JWT authentication with teams.

Co-authored-by: ishaan <ishaan@berri.ai>

* Add test: MCP route without model still returns team_id

Co-authored-by: ishaan <ishaan@berri.ai>

* Add 2 debug logs for JWT+MCP troubleshooting

- handle_jwt.py: Log team route check result (team_id, route, is_allowed)
- user_api_key_auth_mcp.py: Log team_id when looking up MCP permissions

Co-authored-by: ishaan <ishaan@berri.ai>

---------

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: ishaan <ishaan@berri.ai>
2026-02-03 19:13:13 -08:00
..