feat: OAuth support

.github/workflows/publish.yaml

@@ -170,6 +170,12 @@ jobs:
           # Push the manifest to GHCR
           docker manifest push "${GHCR_REGISTRY}:${IMAGE_TAG}"
 
+          # Create and push 'latest' tag manifest list
+          docker manifest create "${GHCR_REGISTRY}:latest" \
+            --amend "${GHCR_REGISTRY}:${IMAGE_TAG}-amd64" \
+            --amend "${GHCR_REGISTRY}:${IMAGE_TAG}-arm64"
+
+          docker manifest push "${GHCR_REGISTRY}:latest"
 
   publish:
     name: Publish package

.hadolint.yaml

@@ -0,0 +1,2 @@
+ignored:
+  - DL3006 # We specify the builder image as a build argument, so we ignore this issue. See the Dockerfile for more details.

CHANGELOG.md

@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 
 - [Zephyr] Added a tool `update-test-steps` for updating test execution test steps [#386](https://github.com/SmartBear/smartbear-mcp/pull/386)
+- [Common] Added OAuth token support for HTTP transport clients. [#330](https://github.com/SmartBear/smartbear-mcp/pull/330)
 - [BugSnag] Added "Get Events on an Error" tool for listing the events that have grouped into a specified error [#406](https://github.com/SmartBear/smartbear-mcp/pull/406)
 
 ### Changed

Dockerfile

@@ -1,4 +1,5 @@
-FROM node:22-alpine AS builder
+ARG BUILDER_IMAGE_NAME=node:22-alpine
+FROM ${BUILDER_IMAGE_NAME} AS builder
 
 # Must be entire project because `prepare` script is run during dependency installation and requires all files.
 WORKDIR /app

src/bugsnag/client.ts

@@ -1,6 +1,7 @@
 import { z } from "zod";
 import type { CacheService } from "../common/cache";
 import { MCP_SERVER_NAME, MCP_SERVER_VERSION } from "../common/info";
+import { getRequestHeader } from "../common/request-context";
 import type { SmartBearMcpServer } from "../common/server";
 import { ToolError } from "../common/tools";
 import type {
@@ -70,7 +71,7 @@ interface StabilityData {
 }
 
 const ConfigurationSchema = z.object({
-  auth_token: z.string().describe("BugSnag personal authentication token"),
+  auth_token: z.string().describe("BugSnag personal access token").optional(),
   project_api_key: z.string().describe("BugSnag project API key").optional(),
   endpoint: z.string().url().describe("BugSnag endpoint URL").optional(),
 });
@@ -83,6 +84,7 @@ export class BugsnagClient implements Client {
   private _errorsApi: ErrorAPI | undefined;
   private _projectApi: ProjectAPI | undefined;
   private _appEndpoint: string | undefined;
+  private _authToken?: string;
 
   get currentUserApi(): CurrentUserAPI {
     if (!this._currentUserApi) throw new Error("Client not configured");
@@ -114,13 +116,75 @@ export class BugsnagClient implements Client {
     config: z.infer<typeof ConfigurationSchema>,
   ): Promise<void> {
     this.cache = server.getCache();
+
     this._appEndpoint = this.getEndpoint(
       "app",
       config.project_api_key,
       config.endpoint,
     );
+    this._projectApiKey = config.project_api_key;
+    this._authToken = config.auth_token;
+
+    // Initialize APIs even if auth_token is missing, to allow request-level auth
+    await this.initializeApis(config);
+  }
+
+  getAuthToken(): string | null {
+    const contextHeader = getRequestHeader("Bugsnag-Auth-Token");
+    if (contextHeader) {
+      let token = Array.isArray(contextHeader)
+        ? contextHeader[0]
+        : contextHeader;
+
+      // Handle token prefix if present
+      if (token.startsWith("token ")) {
+        token = token.substring(6);
+      }
+
+      return `token ${token}`;
+    }
+
+    // Fall back to Authorization header (used by OAuth flow)
+    const bearerToken = this.getBearerToken();
+    if (bearerToken) {
+      return bearerToken;
+    }
+
+    // Fall back to configured token (needs prefix for Authorization header)
+    return this._authToken ? `token ${this._authToken}` : null;
+  }
+
+  getBearerToken(): string | null {
+    const contextHeader = getRequestHeader("Authorization");
+
+    if (contextHeader) {
+      let token = Array.isArray(contextHeader)
+        ? contextHeader[0]
+        : contextHeader;
+
+      // Handle Bearer prefix if present
+      if (token.startsWith("Bearer ")) {
+        token = token.substring(7);
+      }
+
+      return `Bearer ${token}`;
+    }
+
+    return null;
+  }
+
+  private async initializeApis(config: z.infer<typeof ConfigurationSchema>) {
     const apiConfig = new Configuration({
-      apiKey: `token ${config.auth_token}`,
+      apiKey: (_name: string) => {
+        const authToken = this.getAuthToken();
+        if (authToken) {
+          return authToken;
+        }
+
+        throw new Error(
+          "Authentication token not found in request headers or configuration",
+        );
+      },
       headers: {
         "User-Agent": `${MCP_SERVER_NAME}/${MCP_SERVER_VERSION}`,
         "Content-Type": "application/json",
@@ -136,9 +200,7 @@ export class BugsnagClient implements Client {
     this._currentUserApi = new CurrentUserAPI(apiConfig);
     this._errorsApi = new ErrorAPI(apiConfig);
     this._projectApi = new ProjectAPI(apiConfig);
-    this._projectApiKey = config.project_api_key;
     this._isConfigured = true;
-    return;
   }
 
   isConfigured(): boolean {

src/collaborator/client.ts

@@ -1,4 +1,5 @@
 import { z } from "zod";
+import { getRequestHeader } from "../common/request-context";
 import type { SmartBearMcpServer } from "../common/server";
 import type {
   Client,
@@ -8,10 +9,14 @@ import type {
 
 const ConfigurationSchema = z.object({
   base_url: z.url().describe("Collaborator server base URL"),
-  username: z.string().describe("Collaborator username for authentication"),
+  username: z
+    .string()
+    .describe("Collaborator username for authentication")
+    .optional(),
   login_ticket: z
     .string()
-    .describe("Collaborator login ticket for authentication"),
+    .describe("Collaborator login ticket for authentication")
+    .optional(),
 });
 
 export class CollaboratorClient implements Client {
@@ -35,11 +40,7 @@ export class CollaboratorClient implements Client {
   }
 
   isConfigured(): boolean {
-    return (
-      this.baseUrl !== undefined &&
-      this.username !== undefined &&
-      this.loginTicket !== undefined
-    );
+    return this.baseUrl !== undefined;
   }
 
   /**
@@ -49,11 +50,25 @@ export class CollaboratorClient implements Client {
    */
   async call(commands: any[]): Promise<any> {
     const url = `${this.baseUrl}/services/json/v1`;
+
+    let login = this.username;
+    let ticket = this.loginTicket;
+
+    const contextLogin = getRequestHeader("Collaborator-Login");
+    const contextTicket = getRequestHeader("Collaborator-Ticket");
+
+    if (contextLogin) {
+      login = Array.isArray(contextLogin) ? contextLogin[0] : contextLogin;
+    }
+    if (contextTicket) {
+      ticket = Array.isArray(contextTicket) ? contextTicket[0] : contextTicket;
+    }
+
     // Always prepend authentication command automatically
     const body = [
       {
         command: "SessionService.authenticate",
-        args: { login: this.username, ticket: this.loginTicket },
+        args: { login, ticket },
       },
       ...commands,
     ];

src/common/request-context.ts

@@ -0,0 +1,40 @@
+import { AsyncLocalStorage } from "node:async_hooks";
+import type { IncomingMessage } from "node:http";
+
+// Storage for pre-request data that can be retrieved from a tool to prevent caching as part of the server instance in a session.
+// For example, the auth token.
+export interface RequestContext {
+  headers: Record<string, string | string[] | undefined>;
+}
+
+// Create the storage instance
+export const requestContextStorage = new AsyncLocalStorage<RequestContext>();
+
+/**
+ * Run a callback within the request context, extracting headers from the request.
+ * This ensures request headers are available via AsyncLocalStorage to downstream code.
+ */
+export function withRequestContext<T>(req: IncomingMessage, fn: () => T): T {
+  return requestContextStorage.run({ headers: req.headers }, fn);
+}
+
+// Helper to get the current context
+export function getRequestContext(): RequestContext | undefined {
+  return requestContextStorage.getStore();
+}
+
+/**
+ * Helper to get a specific header from the current request
+ * @param name Header name (case-insensitive)
+ * @returns Header value or undefined if not found
+ */
+export function getRequestHeader(name: string): string | string[] | undefined {
+  const context = getRequestContext();
+  if (!context?.headers) return undefined;
+
+  // Headers are typically case-insensitive, but node http headers are lowercased
+  // We'll try exact match first, then lowercase match
+  const headerValue =
+    context.headers[name] || context.headers[name.toLowerCase()];
+  return headerValue;
+}

src/common/server.ts

@@ -87,6 +87,10 @@ export class SmartBearMcpServer extends McpServer {
     return this.elicitationSupported;
   }
 
+  getClients(): Client[] {
+    return this.clients;
+  }
+
   async cleanupSession(mcpSessionId: string): Promise<void> {
     for (const client of this.clients) {
       await client.cleanupSession?.(mcpSessionId);