Skip to content

feat(magento): use connection-level Authorization token instead of form field#518

Merged
JonasJesus42 merged 1 commit into
mainfrom
magento-mcp-auth-improvement
Jul 13, 2026
Merged

feat(magento): use connection-level Authorization token instead of form field#518
JonasJesus42 merged 1 commit into
mainfrom
magento-mcp-auth-improvement

Conversation

@JonasJesus42

@JonasJesus42 JonasJesus42 commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Removes apiToken from the Magento MCP connection form (configSchema and StateSchema) — users now enter their Magento integration token in the encrypted Token field of the HTTP connection instead.
  • resolveCredentials now accepts the full MESH_REQUEST_CONTEXT and extracts the API token from ctx.authorization (stripping the Bearer prefix), with MAGENTO_API_TOKEN env var as a local dev fallback.
  • All 7 tool files updated to pass env.MESH_REQUEST_CONTEXT directly instead of env.MESH_REQUEST_CONTEXT?.state.

This aligns the Magento MCP with the pattern used by Strapi, HyperDX, and Discord MCPs in this repo, where the connection-level token (encrypted at rest) is used as the downstream API key.

🤖 Generated with Claude Code


Summary by cubic

Switch Magento MCP to use the HTTP connection’s Authorization token instead of the apiToken form field. This simplifies setup, encrypts the token at rest, and aligns with our other MCPs.

  • Refactors

    • Read the API token from MESH_REQUEST_CONTEXT.authorization (strips Bearer), with MAGENTO_API_TOKEN as a local fallback.
    • Removed apiToken from configSchema/StateSchema; updated all tools to pass the full MESH_REQUEST_CONTEXT.
  • Migration

    • Set your Magento integration token in the HTTP connection’s Token field.
    • Remove any apiToken from existing Magento connections; keep baseUrl only.
    • For local dev without a connection token, set the MAGENTO_API_TOKEN env var.

Written for commit a14faf6. Summary will update on new commits.

Review in cubic

…rm field

Removes apiToken from the configSchema form and StateSchema — users now
set their Magento integration token in the encrypted Token field of the
HTTP connection. resolveCredentials reads MESH_REQUEST_CONTEXT.authorization
(strips Bearer prefix) with MAGENTO_API_TOKEN env var as a local fallback.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@JonasJesus42 JonasJesus42 enabled auto-merge (squash) July 13, 2026 13:23
@JonasJesus42 JonasJesus42 disabled auto-merge July 13, 2026 13:23
@JonasJesus42 JonasJesus42 merged commit 701f003 into main Jul 13, 2026
1 of 2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant