W
Wasp2w ago
YuehLin

MCP OAuth login

Hello, I’m trying to set up remote MCP server following this example (https://github.com/cloudflare/ai/tree/main/demos/remote-mcp-google-oauth) and will call WASP API routes when using the tool. Does anyone know if I could use the same google oauth client or not to log in from MCP and passing maybe the access token in the header to get auth user in WASP API endpoint function?
GitHub
ai/demos/remote-mcp-google-oauth at main · cloudflare/ai
Contribute to cloudflare/ai development by creating an account on GitHub.
11 Replies
kapa.ai
kapa.ai2w ago
Hi @YuehLin. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave: ---------------------- Based on the available knowledge sources, Wasp does not currently expose a public REST API for authenticating users directly with an external access token (such as a Google OAuth access token obtained from another client like MCP). Wasp’s authentication system is designed to work with its own frontend and backend, using internal RPC mechanisms rather than a generic REST API for authentication. There is discussion in the community about supporting multiple clients and exposing an HTTP API for operations, but as of now, this is not implemented. The recommended workaround is to use the Wasp-generated frontend for authentication, or potentially load a WebView in your external app that opens the Wasp login/signup page and authenticates the user there. Extracting the access token from another OAuth flow and passing it to Wasp’s backend is not natively supported and would require significant custom work, such as custom API endpoints and middleware to handle and verify the token, and then inject the user into the request context. This is considered tricky and not straightforward with the current Wasp setup Discord support thread: How can I authenticate a user from a mobile app, Github Issue: Support for multiple clients. In summary:
- You cannot directly use a Google OAuth access token from MCP to authenticate with Wasp’s API out of the box. - Wasp expects to handle the OAuth flow itself. - Custom solutions are possible but require significant manual setup and are not officially documented or supported. If you need this functionality, you may need to implement custom API endpoints and middleware in your Wasp app to handle external tokens, but this is not covered in the official documentation. ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ---------------------- Sorry @YuehLin, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist: Perhaps try again in 15mins?
Filip
Filip5d ago
@Vinny (@Wasp) I have to tag you again my man cause I barely know what MCP is <ashamed emoji>
genyus
genyus5d ago
@YuehLin looking at that repo, I think you'd be better off using the vanilla remote-mcp-server starter, which demonstrates authorisation using a dummy login form. You could then implement a Wasp-based login flow by following the example Wasp/Expo app .
GitHub
ai/demos/remote-mcp-server at main · cloudflare/ai
Contribute to cloudflare/ai development by creating an account on GitHub.
GitHub
GitHub - wasp-lang/wasp-expo-app: Example of using Wasp's auth and ...
Example of using Wasp's auth and API in an Expo mobile app - wasp-lang/wasp-expo-app
YuehLin
YuehLinOP15h ago
@genyus Thanks for the advice. Will try it out and let you know the result! @kapa.ai how can I get user session id from api route?
kapa.ai
kapa.ai15h ago
Let me check the knowledge base for you again. One moment! :books:
MEE6
MEE615h ago
Wohooo @YuehLin, you just became a Waspeteer level 1!
kapa.ai
kapa.ai15h ago
---------------------- To get the user session ID from an API route in Wasp, you can access the session information via the context object that is passed to your API handler. The context object contains user session information, as well as information about entities. Here’s an example of how you can access the user (and thus session-related info) in a custom API endpoint: 
export const fooBar = (req, res, context) => {  
  // context.user contains the logged-in user info
  // context.sessionId is not explicitly documented, but context contains session info
  res.json({ msg: `Hello, ${context.user ? "registered user" : "stranger"}!` });  
};
export const fooBar = (req, res, context) => {  
  // context.user contains the logged-in user info
  // context.sessionId is not explicitly documented, but context contains session info
  res.json({ msg: `Hello, ${context.user ? "registered user" : "stranger"}!` });  
};
While the documentation shows how to access context.user, it does not explicitly mention a context.sessionId field. However, there is a related GitHub issue suggesting that Wasp extends the Express request with fields like user and sessionId, and there is an intention to improve this with TypeScript typings using declare global. This suggests that sessionId may be available on the context object, but this is not confirmed in the official docs or examples provided. If you need to access the session ID specifically, you may want to log or inspect the context object in your API handler to see if sessionId is present in your version of Wasp. Reference: Defining the API's NodeJS Implementation, Use declare global to declare Wasp specific fields in the Express request Summary:
- Use the context object in your API handler to access user/session info. - context.user is documented; context.sessionId may be available but is not explicitly documented. - Inspect the context object in your handler to confirm availability of sessionId. ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ---------------------- Sorry @YuehLin, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist: Perhaps try again in 15mins?
YuehLin
YuehLinOP14h ago
@kapa.ai Do I need to include SessionId in entities for the api route in main.wasp?
kapa.ai
kapa.ai14h ago
Let me check the knowledge base for you again. One moment! :books: ---------------------- No, you do not need to include SessionId in the entities list for your API route in main.wasp. The entities field in the api declaration is used to specify which business entities (like Task, User, etc.) you want to access via the context.entities object in your API handler. The session information, including session ID, is managed internally by Wasp and is made available through the context object passed to your API handler. You do not need to declare or include the session entity or session ID in the entities list for this purpose. Here’s what the docs say about the entities field:
A list of entities you wish to use inside your API.
Wasp will inject the specified Entity into the APIs context argument, giving you access to the Entity's Prisma API
Using Entities in APIs
Session management is handled separately and does not require you to include Session or SessionId in the entities array for your API route. ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ---------------------- Sorry @YuehLin, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist: Perhaps try again in 15mins?
YuehLin
YuehLinOP14h ago
@kapa.ai I tried const accessToken = context.entities.sessionId;, but error TS2339: Property 'sessionId' does not exist on type '{}'. is returned when running wasp start
kapa.ai
kapa.ai14h ago
Let me check the knowledge base for you again. One moment! :books: ---------------------- The error you are seeing, 
error TS2339: Property 'sessionId' does not exist on type '{}'.
error TS2339: Property 'sessionId' does not exist on type '{}'.
is because sessionId is not a property of context.entities. The entities object inside context only contains the entities you have declared in your main.wasp file (such as Task, User, etc.), and does not include session information or session IDs. Session and user information are available directly on the context object, not under context.entities. For example, you can access the logged-in user with context.user in your API handler, but there is no official documentation stating that context.sessionId is available. The knowledge sources do not mention a way to directly access the session ID from the context in API routes. If you need to access session information, you should use context.user for user-related data. If you specifically need the session ID, the knowledge sources do not provide a documented way to access it in the API route context, so it may not be supported at this time Defining the API's NodeJS Implementation. Summary:
- context.entities does not contain session information. - Use context.user for user info. - There is no documented way to access sessionId in the API route context. ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ---------------------- Sorry @YuehLin, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist: Perhaps try again in 15mins?

Did you find this page helpful?