MCP Tools: No mechanism to pass user JWT token through ADK session.state to MCP server context #1402
Description
Description
Scenario
- Our MCP Tools are intended for internal use and rely on API calls that require a user JWT token for authentication.
- The ADK session.state can hold the JWT token, but the current implementation of MCP tools does not have direct access to the Context.
- Even if some context access is possible, there is no mechanism to propagate the JWT token from the ADK session to the MCP server context.
Impact
- MCP Tools cannot authenticate API requests on behalf of the user, blocking essential functionality.
- There is a gap between where the JWT token resides (ADK session.state) and where it is needed (MCP server context).
Text-Based Flow Diagram
+----------+ +--------------------------+ +-------------+ +--------------------+ +-------------+
| User | --> | ADK Session | --> | MCP Tool | -X->| MCP Server Context | --> | Backend API |
+----------+ | (JWT Token Stored Here) | | | | (Needs JWT Token) | | (Needs JWT) |
+--------------------------+ +-------------+ +--------------------+ +-------------+
|
|
V
Problem Area:
MCP Tool cannot pass JWT
from ADK Session to
MCP Server Context.
The "-X->" indicates the broken path.
Where Things Fall Apart
- The MCP Tool does not have a mechanism to retrieve the JWT token from the ADK Session.
- Consequently, there is no way to provide this JWT token to the MCP Server Context, which needs it to make authenticated calls to the Backend API.
Proposed solution - #1198