Mastra•3mo ago

Can't access auth when calling an agent from MCP

Hello, I am facing a problem happy to get your help!

Working with express, I have created the following MCP

export const startMcp = async (app: INestApplication) => {
  const mastraService = app.get(MastraService, { strict: false });
  const organizationService = app.get(OrganizationService, { strict: false });

  const mastra = await mastraService.mastra();
  const agent = mastra.getAgent('postiz');
  const tools = await agent.getTools();

  const server = new MCPServer({
    name: 'Postiz MCP',
    version: '1.0.0',
    tools,
    agents: { postiz: agent },
  });

  app.use(
    '/mcp/:id',
    async (req: Request, res: Response, next: NextFunction) => {
      if (req.method === 'OPTIONS') {
        res.sendStatus(200);
        return;
      }

      // @ts-ignore
      req.auth = await organizationService.getOrgByApiKey(req.params.id);
      // @ts-ignore
      if (!req.auth) {
        throw new HttpException('Invalid url', 400);
      }

      const url = new URL(
        `/mcp/${req.params.id}`,
        process.env.NEXT_PUBLIC_BACKEND_URL
      );
      await server.startHTTP({
        url,
        httpPath: url.pathname,
        options: {
          sessionIdGenerator: () => {
            return randomUUID();
          },
        },
        req,
        res,
      });
    }
  );
};

export const startMcp = async (app: INestApplication) => {
  const mastraService = app.get(MastraService, { strict: false });
  const organizationService = app.get(OrganizationService, { strict: false });

  const mastra = await mastraService.mastra();
  const agent = mastra.getAgent('postiz');
  const tools = await agent.getTools();

  const server = new MCPServer({
    name: 'Postiz MCP',
    version: '1.0.0',
    tools,
    agents: { postiz: agent },
  });

  app.use(
    '/mcp/:id',
    async (req: Request, res: Response, next: NextFunction) => {
      if (req.method === 'OPTIONS') {
        res.sendStatus(200);
        return;
      }

      // @ts-ignore
      req.auth = await organizationService.getOrgByApiKey(req.params.id);
      // @ts-ignore
      if (!req.auth) {
        throw new HttpException('Invalid url', 400);
      }

      const url = new URL(
        `/mcp/${req.params.id}`,
        process.env.NEXT_PUBLIC_BACKEND_URL
      );
      await server.startHTTP({
        url,
        httpPath: url.pathname,
        options: {
          sessionIdGenerator: () => {
            return randomUUID();
          },
        },
        req,
        res,
      });
    }
  );
};

export const startMcp = async (app: INestApplication) => {
  const mastraService = app.get(MastraService, { strict: false });
  const organizationService = app.get(OrganizationService, { strict: false });

  const mastra = await mastraService.mastra();
  const agent = mastra.getAgent('postiz');
  const tools = await agent.getTools();

  const server = new MCPServer({
    name: 'Postiz MCP',
    version: '1.0.0',
    tools,
    agents: { postiz: agent },
  });

  app.use(
    '/mcp/:id',
    async (req: Request, res: Response, next: NextFunction) => {
      if (req.method === 'OPTIONS') {
        res.sendStatus(200);
        return;
      }

      // @ts-ignore
      req.auth = await organizationService.getOrgByApiKey(req.params.id);
      // @ts-ignore
      if (!req.auth) {
        throw new HttpException('Invalid url', 400);
      }

      const url = new URL(
        `/mcp/${req.params.id}`,
        process.env.NEXT_PUBLIC_BACKEND_URL
      );
      await server.startHTTP({
        url,
        httpPath: url.pathname,
        options: {
          sessionIdGenerator: () => {
            return randomUUID();
          },
        },
        req,
        res,
      });
    }
  );
};

export const startMcp = async (app: INestApplication) => {
  const mastraService = app.get(MastraService, { strict: false });
  const organizationService = app.get(OrganizationService, { strict: false });

  const mastra = await mastraService.mastra();
  const agent = mastra.getAgent('postiz');
  const tools = await agent.getTools();

  const server = new MCPServer({
    name: 'Postiz MCP',
    version: '1.0.0',
    tools,
    agents: { postiz: agent },
  });

  app.use(
    '/mcp/:id',
    async (req: Request, res: Response, next: NextFunction) => {
      if (req.method === 'OPTIONS') {
        res.sendStatus(200);
        return;
      }

      // @ts-ignore
      req.auth = await organizationService.getOrgByApiKey(req.params.id);
      // @ts-ignore
      if (!req.auth) {
        throw new HttpException('Invalid url', 400);
      }

      const url = new URL(
        `/mcp/${req.params.id}`,
        process.env.NEXT_PUBLIC_BACKEND_URL
      );
      await server.startHTTP({
        url,
        httpPath: url.pathname,
        options: {
          sessionIdGenerator: () => {
            return randomUUID();
          },
        },
        req,
        res,
      });
    }
  );
};

The req.auth works great in tools, I have been doing something like this:

  // @ts-ignore
  if (options?.extra?.authInfo) {
    // @ts-ignore
    runtimeContext.set('organization', JSON.stringify(options.extra.authInfo));
  }

  // @ts-ignore
  if (options?.extra?.authInfo) {
    // @ts-ignore
    runtimeContext.set('organization', JSON.stringify(options.extra.authInfo));
  }

  // @ts-ignore
  if (options?.extra?.authInfo) {
    // @ts-ignore
    runtimeContext.set('organization', JSON.stringify(options.extra.authInfo));
  }

  // @ts-ignore
  if (options?.extra?.authInfo) {
    // @ts-ignore
    runtimeContext.set('organization', JSON.stringify(options.extra.authInfo));
  }

Here is where I face a problem / bug.
I am using the MCP inspector from Anthropic.
When I execute a tool, it works great with options?.extra?.authInfo.
But if I send a question to my agent "ask_postiz",
I don't get the options?.extra?.authInfo in the tool anymore.
Are there any extra steps I am missing?

Nevo DavidOP•10/16/25, 2:29 PM

I ended up using AsyncStorage for now

Nevo DavidOP•10/16/25, 2:29 PM

waiting for a response

_roamin_•10/16/25, 10:07 PM

Hey @Daniel Lew ! Is that something that's possible currently?

Mastra Triager•10/17/25, 12:04 PM

Created GitHub issue: https://github.com/mastra-ai/mastra/issues/8948

GitHub

[DISCORD:1428353801869332650] Can't access auth when calling an age...

This issue was created from Discord post: https://discord.com/channels/1309558646228779139/1428353801869332650 Hello, I am facing a problem happy to get your help!

Working with express, I have cr...

Daniel Lew•10/17/25, 2:28 PM

hmm if I understand correctly, when you use the MCPClient and pull the tool off of the MCPServer to pass to the agent, the req.auth does not get set, is that right?

Nevo DavidOP•10/17/25, 2:40 PM

Yup

Daniel Lew•10/17/25, 2:45 PM

is your MCP route '/mcp/:id' getting hit when the agent executes the tool?

Nevo DavidOP•10/17/25, 2:59 PM

Yes, all the other tools get the auth, only the ask<agent> after passing to the tool is not passing so for example:

execute >> tool >> there is auth
execute >> tool (ask<name>) - which is the agent >> tool - no auth

Daniel Lew•10/17/25, 3:01 PM

ooh! Now I understand, when you convert the agent to a tool it doesn't work as expected. I'm getting there is probably just some context not being passed to the agent when we convert it into a tool

Nevo DavidOP•10/17/25, 3:18 PM

Does it supposed to pass the auth, or it's not how it should work?

Daniel Lew•10/23/25, 7:29 PM

When we turn an agent into an mcp tool, we just call agent.generate() there and likely do not pass the extraextra property from that tool execute arg to the agent itself https://github.com/mastra-ai/mastra/blob/main/packages/mcp/src/server/server.ts#L766. This is why the agent loses the request context of this. It's likely that all we need to do is populate the agent's runtime context with the extra information. This isn't high on our priority list to do, but if make a PR for it we're happy to review it

GitHub

mastra/packages/mcp/src/server/server.ts at main · mastra-ai/mastra

The TypeScript AI agent framework.

Assistants, RAG, observability. Supports any LLM: GPT-4, Claude, Gemini, Llama. - mastra-ai/mastra

Daniel Lew•11/10/25, 7:15 PM

We've got a fix for this coming in the next release https://github.com/mastra-ai/mastra/pull/9538

Can't access auth when calling an agent from MCP

Similar Threads

Similar Threads

Similar Threads