Hello everyone,
Thank you for this great extension enabling ai-agents in JupyterLab!
Hundreds of users at our supercomputing site are using JupyterLab every day.
We are looking into Jupyter-AI to see if/how we can provide this to our users, too.
I see one critical issue with jupyter-server-mcp at the moment.
Currently the FastMCP server can be accessed/used without the need for any token or key.
In a multi-user environment this would introduce a security problem.
If multiple JupyterLabs of different users run their comprehensive jupyter-ai setup including jupyter-server-mcp, each setup would start a FastMCP server on a dedicated port. Knowing that port would make it possible to run code in the name of that user.
Would it be an idea to add a `verify_key` call in `_run_http_async_without_signals`?
```python
import os
import secrets

from fastapi import Depends, FastAPI, Header, HTTPException

# Key chosen once per server process (or taken from the environment); exported to the agents' config elsewhere
MCP_KEY = os.environ.get("MCP_KEY") or secrets.token_urlsafe(32)

async def verify_key(x_mcp_key: str = Header(...)):
    # The header arrives as X-MCP-Key; compare in constant time
    if not secrets.compare_digest(x_mcp_key, MCP_KEY):
        raise HTTPException(status_code=403, detail="Unauthorized")
    return x_mcp_key

# Register app-wide at construction time so that every route is guarded
app = FastAPI(dependencies=[Depends(verify_key)])
```
This key would be set randomly on startup and passed to the ai-agents so that they could include it in their configuration when accessing the MCP.
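The mechanism proposed above, written out as an added, self-contained example (it is not code from the post, from jupyter-server-mcp or from FastMCP). It assumes the MCP server is exposed as an ASGI application that can be wrapped before it is handed to the HTTP server (FastMCP's `http_app()` is such an app; that it is wrapped this way is an assumption of this example). `McpKeyMiddleware`, `generate_key`, `export_key`, `simulate_request` and the stand-in `unprotected_mcp_app` are hypothetical names; no third-party package is needed. Two points the snippet in the post leaves open are covered: the comparison is constant-time, and the key file written for the agents is created with mode 0600 so that other users on the same node cannot read it.

```python
import asyncio
import os
import secrets


def generate_key() -> str:
    """Fresh random key for this server process (URL-safe, 256 bits of entropy)."""
    return secrets.token_urlsafe(32)


def export_key(path: str, key: str) -> None:
    """Write the key for the agents' config so that only the owning user can read it.
    os.open with mode 0o600 avoids the create-then-chmod window of open() + chmod()."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(key)


class McpKeyMiddleware:
    """Hypothetical pure-ASGI wrapper: refuses any http or websocket connection whose
    X-MCP-Key header does not match the key chosen at startup."""

    HEADER = b"x-mcp-key"  # ASGI hands header names over lowercased, as bytes

    def __init__(self, app, key: str):
        self.app = app
        self._key = key.encode()

    def _presented_key(self, scope):
        for name, value in scope.get("headers", []):
            if name == self.HEADER:
                return value
        return None

    async def __call__(self, scope, receive, send):
        if scope["type"] not in ("http", "websocket"):
            await self.app(scope, receive, send)  # lifespan events pass through untouched
            return
        presented = self._presented_key(scope)
        # compare_digest takes bytes of any length; a missing header is rejected first
        if presented is None or not secrets.compare_digest(presented, self._key):
            if scope["type"] == "websocket":
                await send({"type": "websocket.close", "code": 1008})
            else:
                body = b'{"detail":"Unauthorized"}'
                await send({"type": "http.response.start", "status": 401,
                            "headers": [(b"content-type", b"application/json"),
                                        (b"content-length", str(len(body)).encode())]})
                await send({"type": "http.response.body", "body": body})
            return
        await self.app(scope, receive, send)


async def unprotected_mcp_app(scope, receive, send):
    """Constructed stand-in for the real MCP ASGI app: answers 200 to anything it is handed."""
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b"ok"})


def simulate_request(app, headers: dict[str, str]) -> int:
    """Drive an ASGI app with one constructed POST /mcp and return the HTTP status it sends."""
    scope = {"type": "http", "method": "POST", "path": "/mcp",
             "headers": [(k.lower().encode(), v.encode()) for k, v in headers.items()]}
    sent = []

    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}

    async def send(message):
        sent.append(message)

    asyncio.run(app(scope, receive, send))
    return sent[0]["status"]


if __name__ == "__main__":
    key = generate_key()
    guarded = McpKeyMiddleware(unprotected_mcp_app, key)
    print("no header :", simulate_request(guarded, {}))
    print("wrong key :", simulate_request(guarded, {"X-MCP-Key": "guess"}))
    print("right key :", simulate_request(guarded, {"X-MCP-Key": key}))
```

In a real deployment `guarded` is what gets passed to uvicorn instead of the bare MCP app, and the agents read the key from the file written by `export_key` and send it as `X-MCP-Key`. The key protects the port, not the transport: on a shared node, traffic between the agent and the server still crosses the loopback interface in clear text, so the server should also keep binding to 127.0.0.1 rather than 0.0.0.0.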