Short-term solution for multi-user MCP servers: Whitelist users?

[Joshfindit]

Background:

I've read through some of the upcoming changes around proper auth for MCP servers and a shift towards streamable. It's inevitable as the community at large needs to solve MCP auth regardless.

But:

1. We're not there yet
2. There will likely continue to be reasons to have specific servers as stdio, even if just for backwards-compatibility

My intuition is that a good short-term solution is to add an 'allowed_users' section to the yaml definition.
When populated it becomes a whitelist where only those user IDs are given access to the MCP.

Example:

  fetch:
    type: stdio
    command: uvx
    args:
      - mcp-server-fetch
    allowed_users:
      - ['68237fb0c530a22f6ece724b', '68239d2a589efe28551e1e1a']

Thoughts?

[danny-avila]

I wrote on this here: #7444 (comment)

tl;dr, there is a long-term solution for this planned. For now, it's better at the MCP server level, and we can have a short-term solution to pass more user info values soon.

[danny-avila]

There are lots of good solutions implemented already, check the MCP config documentation. We are working towards adding proper support for oauth too (already mostly supported, just missing adding from frontend).

Check headers and customUserVars
https://www.librechat.ai/docs/configuration/librechat_yaml/object_structure/mcp_servers#example

[danny-avila]

What you’re asking about filesystem specifically requires a totally different framework to help bridge user computer processes through some MCP gateway to the remote instance and is outside of the scope for now. What would fit that use case better is a totally different/custom MCP server that provides similar functionality via google drive, one drive, etc.

[Joshfindit]

I don't see anything on that page that I can use for the filesystem specifically as it's stdio, but I would even be happy with something like:

  args:
    - -y
    - "@modelcontextprotocol/server-filesystem"
    - /home/user/LibreChat/{{LIBRECHAT_USER_ID}}

[danny-avila]

filesystem specifically as it's stdio

Right, but MCP servers with stdio transports are not meant to be used by more than one user. You would even have issues of users receiving other users' messages.

[Joshfindit]

I was worried about that. When watching the output I thought there was a slim chance it was running a fresh copy of the MCP for each request, but I understand the limitation now, thank you.