feat: adds authentication to mcp server under feature flag

src/backend/base/langflow/alembic/versions/3162e83e485f_add_auth_settings_to_folder_and_merge.py

@@ -0,0 +1,58 @@
+"""Add auth_settings column to folder table and merge migration branches.
+
+Revision ID: 3162e83e485f
+Revises: 0ae3a2674f32, d9a6ea21edcd
+Create Date: 2025-01-16 13:00:00.000000
+
+"""
+
+from collections.abc import Sequence
+
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision: str = "3162e83e485f"
+down_revision: str | Sequence[str] | None = ("0ae3a2674f32", "d9a6ea21edcd")
+branch_labels: str | Sequence[str] | None = None
+depends_on: str | Sequence[str] | None = None
+
+
+def upgrade() -> None:
+    """Add auth_settings column to folder table and merge migration branches."""
+    conn = op.get_bind()
+    inspector = sa.inspect(conn)
+
+    # Check if folder table exists
+    table_names = inspector.get_table_names()
+    if "folder" not in table_names:
+        # If folder table doesn't exist, skip this migration
+        return
+
+    # Get current column names in folder table
+    column_names = [column["name"] for column in inspector.get_columns("folder")]
+
+    # Add auth_settings column to folder table if it doesn't exist
+    with op.batch_alter_table("folder", schema=None) as batch_op:
+        if "auth_settings" not in column_names:
+            batch_op.add_column(sa.Column("auth_settings", sa.JSON(), nullable=True))
+
+
+def downgrade() -> None:
+    """Remove auth_settings column from folder table."""
+    conn = op.get_bind()
+    inspector = sa.inspect(conn)
+
+    # Check if folder table exists
+    table_names = inspector.get_table_names()
+    if "folder" not in table_names:
+        # If folder table doesn't exist, skip this migration
+        return
+
+    # Get current column names in folder table
+    column_names = [column["name"] for column in inspector.get_columns("folder")]
+
+    # Remove auth_settings column from folder table if it exists
+    with op.batch_alter_table("folder", schema=None) as batch_op:
+        if "auth_settings" in column_names:
+            batch_op.drop_column("auth_settings")

src/backend/base/langflow/api/v1/mcp_projects.py

@@ -30,7 +30,13 @@
     handle_mcp_errors,
     with_db_session,
 )
-from langflow.api.v1.schemas import MCPInstallRequest, MCPSettings, SimplifiedAPIRequest
+from langflow.api.v1.schemas import (
+    MCPInstallRequest,
+    MCPProjectResponse,
+    MCPProjectUpdateRequest,
+    MCPSettings,
+    SimplifiedAPIRequest,
+)
 from langflow.base.mcp.constants import MAX_MCP_SERVER_NAME_LENGTH, MAX_MCP_TOOL_NAME_LENGTH
 from langflow.base.mcp.util import get_flow_snake_case, get_unique_name, sanitize_mcp_name
 from langflow.helpers.flow import json_schema_from_flow
@@ -64,7 +70,7 @@ async def list_project_tools(
     current_user: CurrentActiveMCPUser,
     *,
     mcp_enabled: bool = True,
-) -> list[MCPSettings]:
+) -> MCPProjectResponse:
     """List all tools in a project that are enabled for MCP."""
     tools: list[MCPSettings] = []
     try:
@@ -118,12 +124,19 @@ async def list_project_tools(
                     logger.warning(msg)
                     continue
 
+            # Get project-level auth settings
+            auth_settings = None
+            if project.auth_settings:
+                from langflow.api.v1.schemas import AuthSettings
+
+                auth_settings = AuthSettings(**project.auth_settings)
+
     except Exception as e:
         msg = f"Error listing project tools: {e!s}"
         logger.exception(msg)
         raise HTTPException(status_code=500, detail=str(e)) from e
 
-    return tools
+    return MCPProjectResponse(tools=tools, auth_settings=auth_settings)
 
 
 @router.head("/{project_id}/sse", response_class=HTMLResponse, include_in_schema=False)
@@ -222,10 +235,10 @@ async def handle_project_messages_with_slash(project_id: UUID, request: Request,
 @router.patch("/{project_id}", status_code=200)
 async def update_project_mcp_settings(
     project_id: UUID,
-    settings: list[MCPSettings],
+    request: MCPProjectUpdateRequest,
     current_user: CurrentActiveMCPUser,
 ):
-    """Update the MCP settings of all flows in a project."""
+    """Update the MCP settings of all flows in a project and project-level auth settings."""
     try:
         async with session_scope() as session:
             # Fetch the project first to verify it exists and belongs to the current user
@@ -240,9 +253,16 @@ async def update_project_mcp_settings(
             if not project:
                 raise HTTPException(status_code=404, detail="Project not found")
 
+            # Update project-level auth settings
+            if request.auth_settings:
+                project.auth_settings = request.auth_settings.model_dump()
+            else:
+                project.auth_settings = None
+            session.add(project)
+
             # Query flows in the project
             flows = (await session.exec(select(Flow).where(Flow.folder_id == project_id))).all()
-            flows_to_update = {x.id: x for x in settings}
+            flows_to_update = {x.id: x for x in request.settings}
 
             updated_flows = []
             for flow in flows:
@@ -260,7 +280,7 @@ async def update_project_mcp_settings(
 
             await session.commit()
 
-            return {"message": f"Updated MCP settings for {len(updated_flows)} flows"}
+            return {"message": f"Updated MCP settings for {len(updated_flows)} flows and project auth settings"}
 
     except Exception as e:
         msg = f"Error updating project MCP settings: {e!s}"

src/backend/base/langflow/api/v1/schemas.py

@@ -440,6 +440,17 @@ class CancelFlowResponse(BaseModel):
     message: str
 
 
+class AuthSettings(BaseModel):
+    """Model representing authentication settings for MCP."""
+
+    auth_type: str = "none"
+    api_key: str | None = None
+    username: str | None = None
+    password: str | None = None
+    bearer_token: str | None = None
+    iam_endpoint: str | None = None
+
+
 class MCPSettings(BaseModel):
     """Model representing MCP settings for a flow."""
 
@@ -449,6 +460,21 @@ class MCPSettings(BaseModel):
     action_description: str | None = None
     name: str | None = None
     description: str | None = None
+    auth_settings: AuthSettings | None = None
+
+
+class MCPProjectUpdateRequest(BaseModel):
+    """Request model for updating MCP project settings including auth."""
+
+    settings: list[MCPSettings]
+    auth_settings: AuthSettings | None = None
+
+
+class MCPProjectResponse(BaseModel):
+    """Response model for MCP project tools with auth settings."""
+
+    tools: list[MCPSettings]
+    auth_settings: AuthSettings | None = None
 
 
 class MCPInstallRequest(BaseModel):

src/backend/base/langflow/services/database/models/folder/model.py

@@ -2,7 +2,7 @@
 from uuid import UUID, uuid4
 
 from sqlalchemy import Text, UniqueConstraint
-from sqlmodel import Column, Field, Relationship, SQLModel
+from sqlmodel import JSON, Column, Field, Relationship, SQLModel
 
 from langflow.services.database.models.flow.model import Flow, FlowRead
 from langflow.services.database.models.user.model import User
@@ -11,6 +11,11 @@
 class FolderBase(SQLModel):
     name: str = Field(index=True)
     description: str | None = Field(default=None, sa_column=Column(Text))
+    auth_settings: dict | None = Field(
+        default=None,
+        sa_column=Column(JSON, nullable=True),
+        description="Authentication settings for the folder/project",
+    )
 
 
 class Folder(FolderBase, table=True):  # type: ignore[call-arg]
@@ -53,3 +58,4 @@ class FolderUpdate(SQLModel):
     parent_id: UUID | None = None
     components: list[UUID] = Field(default_factory=list)
     flows: list[UUID] = Field(default_factory=list)
+    auth_settings: dict | None = None

src/frontend/package.json

@@ -15,6 +15,7 @@
     "@radix-ui/react-icons": "^1.3.0",
     "@radix-ui/react-label": "^2.0.2",
     "@radix-ui/react-popover": "^1.0.7",
+    "@radix-ui/react-radio-group": "^1.3.7",
     "@radix-ui/react-select": "^2.0.0",
     "@radix-ui/react-separator": "^1.0.3",
     "@radix-ui/react-slider": "^1.2.1",

src/frontend/src/components/core/parameterRenderComponent/components/ToolsComponent/index.tsx

@@ -44,7 +44,7 @@ export default function ToolsComponent({
     <div
       className={cn(
         "flex w-full items-center",
-        disabled && "cursor-not-allowed",
+        disabled && "cursor-not-allowed"
       )}
     >
       <ToolsModal
@@ -68,7 +68,7 @@ export default function ToolsComponent({
             disabled={!value || disabled}
             size={"iconMd"}
             className={cn(
-              "absolute -top-8 right-0 !text-mmd font-normal text-muted-foreground group-hover:text-primary",
+              "absolute -top-8 right-0 !text-mmd font-normal text-muted-foreground group-hover:text-primary"
             )}
             data-testid="button_open_actions"
             onClick={() => setIsModalOpen(true)}

src/frontend/src/components/ui/radio-group.tsx

@@ -0,0 +1,39 @@
+import * as React from "react";
+import * as RadioGroupPrimitive from "@radix-ui/react-radio-group";
+import { CircleIcon } from "lucide-react";
+import { cn } from "@/utils/utils";
+function RadioGroup({
+  className,
+  ...props
+}: React.ComponentProps<typeof RadioGroupPrimitive.Root>) {
+  return (
+    <RadioGroupPrimitive.Root
+      data-slot="radio-group"
+      className={cn("grid gap-3", className)}
+      {...props}
+    />
+  );
+}
+function RadioGroupItem({
+  className,
+  ...props
+}: React.ComponentProps<typeof RadioGroupPrimitive.Item>) {
+  return (
+    <RadioGroupPrimitive.Item
+      data-slot="radio-group-item"
+      className={cn(
+        "border-input text-primary focus-visible:border-ring focus-visible:ring-ring/50 aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive dark:bg-input/30 aspect-square size-4 shrink-0 rounded-full border shadow-xs transition-[color,box-shadow] outline-none focus-visible:ring-[3px] disabled:cursor-not-allowed disabled:opacity-50",
+        className
+      )}
+      {...props}
+    >
+      <RadioGroupPrimitive.Indicator
+        data-slot="radio-group-indicator"
+        className="relative flex items-center justify-center"
+      >
+        <CircleIcon className="fill-primary absolute top-1/2 left-1/2 size-2 -translate-x-1/2 -translate-y-1/2" />
+      </RadioGroupPrimitive.Indicator>
+    </RadioGroupPrimitive.Item>
+  );
+}
+export { RadioGroup, RadioGroupItem };

src/frontend/src/controllers/API/queries/mcp/use-get-flows-mcp.ts

@@ -1,5 +1,5 @@
 import type { useQueryFunctionType } from "@/types/api";
-import type { MCPSettingsType } from "@/types/mcp";
+import type { MCPProjectResponseType } from "@/types/mcp";
 import { api } from "../../api";
 import { getURL } from "../../helpers/constants";
 import { UseRequestProcessor } from "../../services/request-processor";
@@ -8,7 +8,7 @@ interface IGetFlowsMCP {
   projectId: string;
 }
 
-type getFlowsMCPResponse = Array<MCPSettingsType>;
+type getFlowsMCPResponse = MCPProjectResponseType;
 
 export const useGetFlowsMCP: useQueryFunctionType<
   IGetFlowsMCP,
@@ -24,7 +24,7 @@ export const useGetFlowsMCP: useQueryFunctionType<
       return data;
     } catch (error) {
       console.error(error);
-      return [];
+      return { tools: [], auth_settings: undefined };
     }
   };
 

src/frontend/src/controllers/API/queries/mcp/use-patch-flows-mcp.ts

@@ -1,6 +1,6 @@
 import type { UseMutationResult } from "@tanstack/react-query";
 import type { useMutationFunctionType } from "@/types/api";
-import type { MCPSettingsType } from "@/types/mcp";
+import type { AuthSettingsType, MCPSettingsType } from "@/types/mcp";
 import { api } from "../../api";
 import { getURL } from "../../helpers/constants";
 import { UseRequestProcessor } from "../../services/request-processor";
@@ -9,29 +9,34 @@ interface PatchFlowMCPParams {
   project_id: string;
 }
 
+interface PatchFlowMCPRequest {
+  settings: MCPSettingsType[];
+  auth_settings?: AuthSettingsType;
+}
+
 interface PatchFlowMCPResponse {
   message: string;
 }
 
 export const usePatchFlowsMCP: useMutationFunctionType<
   PatchFlowMCPParams,
-  MCPSettingsType[],
+  PatchFlowMCPRequest,
   PatchFlowMCPResponse
 > = (params, options?) => {
   const { mutate, queryClient } = UseRequestProcessor();
 
-  async function patchFlowMCP(flowMCP: MCPSettingsType[]): Promise<any> {
+  async function patchFlowMCP(requestData: PatchFlowMCPRequest): Promise<any> {
     const res = await api.patch(
       `${getURL("MCP")}/${params.project_id}`,
-      flowMCP,
+      requestData,
     );
     return res.data.message;
   }
 
   const mutation: UseMutationResult<
     PatchFlowMCPResponse,
     any,
-    MCPSettingsType[]
+    PatchFlowMCPRequest
   > = mutate(["usePatchFlowsMCP"], patchFlowMCP, {
     onSettled: () => {
       queryClient.refetchQueries({ queryKey: ["useGetFlowsMCP"] });

src/frontend/src/customization/feature-flags.ts

@@ -15,3 +15,4 @@ export const ENABLE_VOICE_ASSISTANT = true;
 export const ENABLE_IMAGE_ON_PLAYGROUND = false;
 export const ENABLE_MCP = true;
 export const ENABLE_MCP_NOTICE = false;
+export const ENABLE_MCP_AUTH = true;