control on whom should have access to my mcp server #1290
suhasdhoke92
started this conversation in
Ideas
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
I deployed the MCP server using your implementation to interact with Jira. Currently, access is driven by the BYOT model, which means any user with a valid token can potentially interact with the MCP.
I need stricter access control over who is allowed to use my MCP server.
Specifically, I want to enforce an authorization layer where:
Only explicitly allowed users can access MCP
Access should not rely solely on possession of a token
I should be able to manage users without rebuilding the image
Is there a way to implement this directly in the code or via configuration (e.g., ConfigMap), such that:
MCP validates the incoming user (via Jira /myself or token introspection)
The user is checked against an allowlist
I can dynamically add/remove users from that allowlist without redeploying the service
Beta Was this translation helpful? Give feedback.
All reactions