My current understanding is this:
When I have a chat service (acting as MCP client) and an MCP server deployed in a server environment where multiple users are using the same chat web interface, only one connection between the MCP client and the MCP server is established (this is also described by @markpollack at https://spring.io/blog/2025/09/16/spring-ai-mcp-intro-blog -> "Each client handles one direct communication with one server.").
In this scenario the following calls are made until the first mcp tool call can be executed (assuming default ToolCallbacks are set):
- the MCP client establishes a connection to the MCP server
- the MCP client calls `initialize`
- the MCP client calls `logging/setLevel`
- the MCP client calls `tools/list`, `prompts/list`, `resources/list`
- the MCP client calls tools and resources in the context of a user request
At startup it is not possible to pass a user's authentication to the MCP server, because there is no user request. But to support sampling, the connection to the MCP server must be established at startup (via `.defaultToolCallbacks(..)`), incl. the steps 1-4.
Calling the tool initialization with `.toolCallbacks(..)` at prompt time is too late.
In my scenario, I need the end-user token to be propagated to the MCP server to call a downstream REST service - this is possible with the latest changes, but only if I use the SSE connection, where the call to MCP is
Expected Behavior
I would like to have a different authorisation option for initialisation (Machine to Machine (M2M) Authorization, e.g. for `tools/list`) calls than for execution (e.g. `tools/call`) calls.
I might even want to disable auth for initialisation at all.
Current Behavior
Currently all calls are handled the same; this does not allow initialising the list of existing tools at startup in a secure environment where user authentication is required to call MCP tools (`tools/call`).
cc @Kehrlann
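
A sketch of the split requested above, added here as an example (it is not Spring AI code and not part of the original post): a server-side policy that maps each JSON-RPC method to the credential it requires, so a machine token can list tools but never execute one. The `principal` dict and its `kind` field, the `open_discovery` switch and the function names are hypothetical; token validation is assumed to happen upstream.

```python
import json
from typing import Optional, Tuple

# Calls the post lists as made at startup, before any user request exists.
DISCOVERY = {"initialize", "logging/setLevel",
             "tools/list", "prompts/list", "resources/list"}


def required_level(method: str, open_discovery: bool = False) -> str:
    """Map a JSON-RPC method to 'none', 'service' (M2M) or 'user'."""
    if method in DISCOVERY:
        return "none" if open_discovery else "service"
    # tools/call, resources/read and any unrecognised method fail closed:
    # they need an end-user token, which a machine credential never satisfies.
    return "user"


def authorize(body: str, principal: Optional[dict],
              open_discovery: bool = False) -> Tuple[bool, str]:
    """Decide one request; `principal` is an already validated token or None.

    Hypothetical shape: {"kind": "service" | "user", "sub": "..."}.
    """
    try:
        method = json.loads(body)["method"]
    except (ValueError, KeyError, TypeError):
        return False, "malformed JSON-RPC request"
    if not isinstance(method, str):
        return False, "malformed JSON-RPC request"
    level = required_level(method, open_discovery)
    kind = principal.get("kind") if principal else None
    if level == "none":
        return True, f"{method}: discovery is open"
    if level == "service" and kind in ("service", "user"):
        return True, f"{method}: allowed for {kind} token"
    if level == "user" and kind == "user":
        return True, f"{method}: allowed for user token"
    return False, f"{method}: needs {level} token, got {kind or 'none'}"


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    m2m, user = {"kind": "service"}, {"kind": "user", "sub": "alice"}
    list_req = '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'
    call_req = ('{"jsonrpc":"2.0","id":2,"method":"tools/call",'
                '"params":{"name":"lookup","arguments":{}}}')
    for req, who in [(list_req, m2m), (call_req, m2m), (call_req, user)]:
        print(authorize(req, who))
```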