OAuth endpoints for servers mounted on FastAPI custom routes

[keurcien]

I'm building a MCP server using Google as my OAuth Provider (e.g to read mails). Ideally, I would like to mount it on an existing FastAPI server.

import os
from fastapi import FastAPI
from fastmcp import FastMCP, Context
from fastmcp.server.auth.providers.google import GoogleProvider
from fastmcp.server.dependencies import get_access_token
from dotenv import load_dotenv


load_dotenv()


auth = GoogleProvider(
    client_id=os.getenv("GOOGLE_CLIENT_ID"),
    client_secret=os.getenv("GOOGLE_CLIENT_SECRET"),
    base_url="http://localhost:8000",
    required_scopes=[
        "openid",
        "https://www.googleapis.com/auth/userinfo.email",
        "https://www.googleapis.com/auth/gmail.readonly",
    ],
)


mcp = FastMCP(name="Gmail MCP Server", auth=auth)


@mcp.tool
async def get_user_info() -> dict:
    """Returns information about the authenticated Google user."""
    from fastmcp.server.dependencies import get_access_token
    
    token = get_access_token()
    # The GoogleProvider stores user data in token claims
    return {
        "google_id": token.claims.get("sub"),
        "email": token.claims.get("email"),
        "name": token.claims.get("name"),
        "picture": token.claims.get("picture"),
        "locale": token.claims.get("locale")
    }

mcp_app = mcp.http_app(path='/mcp')
app = FastAPI(title="Gmail MCP Server", lifespan=mcp_app.lifespan)
app.mount("/gmail", mcp_app)

I know the problem is not from fastmcp, but rather from the MCP specification for endpoint discovery. But when mounting an OAuth protected server on a subroute, OAuth endpoints are not properly targeted (e.g putting the "/gmail/mcp" at the end of the well-known endpoints). I don't know why the clients do not try the resource URL from which "/mcp" is removed? Or am I missing something?