Authentication & Authorization

FastMCP v2 has built-in auth support, which is critical for MyLocalGPT’s security model.

Auth Providers

| Provider | Use case |
|---|---|
| OAuthProvider | OAuth 2.0 flows (authorization code, client credentials) |
| TokenVerifier | JWT validation, static tokens, remote verification |
| RemoteAuthProvider | Delegate auth to an external service |
| MultiAuth | Combine multiple auth methods |

OAuth Setup

from fastmcp import FastMCP
from fastmcp.server.auth import OAuthProvider

auth = OAuthProvider(
    client_id="...",
    client_secret="...",
    authorization_url="https://provider/authorize",
    token_url="https://provider/token",
)

mcp = FastMCP("SecureServer", auth=auth)

Per-Tool Authorization

Scope tools to specific permissions:

from fastmcp.server.auth import require_scopes, restrict_tag

@mcp.tool(auth=require_scopes(["read:data"]))
def read_data() -> dict:
    """Requires read:data scope."""
    return {"sensitive": "data"}

@mcp.tool(auth=restrict_tag("admin"))
def admin_action() -> str:
    """Only accessible to users with admin tag."""
    return "admin operation complete"

Custom Auth Checks

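import hmac

from fastmcp.server.auth import AuthCheck, AuthContext, AuthorizationError

# Placeholder value; load the real key from the environment or a secret store.
EXPECTED_KEY = "expected-key"

class RequireApiKey(AuthCheck):
    async def run(self, context: AuthContext) -> None:
        if not context.token:
            raise AuthorizationError("API key required")
        # Constant-time comparison avoids leaking key contents through timing.
        if not hmac.compare_digest(context.token.encode(), EXPECTED_KEY.encode()):
            raise AuthorizationError("Invalid API key")

@mcp.tool(auth=RequireApiKey())
def protected_tool() -> str:
    """Callable only when RequireApiKey passes."""
    return "authorized"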

Multiple Auth Methods

from fastmcp import FastMCP
from fastmcp.server.auth import MultiAuth, OAuthProvider, TokenVerifier

auth = MultiAuth(
    OAuthProvider(...),      # Try OAuth first
    TokenVerifier(...),      # Fall back to JWT
)

mcp = FastMCP("Server", auth=auth)

MyLocalGPT Integration Notes

FastMCP’s auth maps well to MyLocalGPT’s security architecture:

  • Credential proxy: FastMCP handles token injection via the client parameter on OpenAPI providers. The server holds the real credentials; the LLM never sees them.
  • Scoped tools: require_scopes and restrict_tag implement the “default-deny” principle: tools are locked down unless explicitly authorized.
  • Per-tool auth: Different tools can have different auth requirements, matching the “sandboxed execution” model.

The gap: FastMCP’s auth is for protecting the MCP server itself (who can call tools). MyLocalGPT’s credential proxy is about protecting outbound calls (injecting credentials into tool execution). These are complementary, not overlapping.
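The two layers described above, as an added example that is not FastMCP's or MyLocalGPT's code: a standard-library model in which an inbound scope check gates the call, and the credential is injected server-side and scrubbed from the result on the outbound side. `ToolGate`, `scrub`, `echoing_upstream`, the tool name and the secret value are hypothetical names and constructed data.

```python
# Added illustration; stdlib only. Names and the secret value are constructed.
from dataclasses import dataclass, field

class AuthorizationError(Exception):
    pass

def scrub(value, secret):
    """Remove the secret from strings nested in dicts and lists."""
    if isinstance(value, str):
        return value.replace(secret, "[REDACTED]")
    if isinstance(value, dict):
        return {k: scrub(v, secret) for k, v in value.items()}
    if isinstance(value, list):
        return [scrub(v, secret) for v in value]
    return value

@dataclass
class ToolGate:
    secrets: dict                              # held server-side only
    tools: dict = field(default_factory=dict)  # name -> (scopes, handler, secret_name)

    def register(self, name, scopes, handler, secret_name=None):
        if not scopes:                         # default-deny: no open tools
            raise ValueError(f"{name}: a tool must declare required scopes")
        self.tools[name] = (frozenset(scopes), handler, secret_name)

    def call(self, caller_scopes, name, args):
        # Layer 1 (inbound): may this caller invoke the tool at all?
        if name not in self.tools:
            raise AuthorizationError(f"{name}: not registered")
        scopes, handler, secret_name = self.tools[name]
        missing = scopes - set(caller_scopes)
        if missing:
            raise AuthorizationError(f"{name}: missing {sorted(missing)}")
        # Layer 2 (outbound): inject the credential only after authorization.
        secret = self.secrets.get(secret_name)
        headers = {"Authorization": f"Bearer {secret}"} if secret else {}
        result = handler(args, headers)
        # The result goes back to the model, so strip any echoed credential.
        return scrub(result, secret) if secret else result

def echoing_upstream(args, headers):
    """Constructed upstream that leaks request headers into its reply."""
    return {"query": args["q"], "debug": dict(headers)}

gate = ToolGate(secrets={"crm": "sk-constructed-123"})
gate.register("crm_search", ["read:data"], echoing_upstream, secret_name="crm")
```

The caller's scopes never influence which secret is used, and the secret never appears in the arguments or the returned value, which is the separation the two layers are meant to preserve.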