Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

How can I pass custom headers from the frontend to the Agent or MCP running in AgentCore, and how can I read those headers within the Agent or MCP?

0

I have an authentication flow where the frontend sends an ID token to the agent, which is running in AgentCore. Within the agent, I create an MCP client to connect to an MCP server also deployed in AgentCore.

The MCP server is already configured to authenticate using Cognito, and we’re passing a bearer token generated from Cognito for this purpose.

In addition to the bearer token, I want to pass a custom header (containing the original ID token) from the agent to the MCP server. The goal is to authenticate or authorize requests in the MCP server using middleware that reads this custom header.

However, when I inspect the incoming requests on the MCP server, the custom header is not present.

How can I properly pass and access custom headers between the agent and the MCP server in this setup?

Topics
ServerlessMachine Learning & AISecurity, Identity, & ComplianceGenerative AI on AWSAWS Well-Architected Framework
Tags
ServerlessAmazon CognitoSecurityAmazon Bedrock AgentCore
Language
English
asked 6 months ago791 views
1 Answer
0

When working with Amazon Bedrock AgentCore and MCP (Model Context Protocol) servers, you can pass custom headers from your frontend to the MCP server and read them within your application.

For passing custom headers to your MCP server deployed in AgentCore, you need to include them in the headers dictionary when creating your HTTP client connection. Based on the example code for connecting to an MCP server, you can modify the headers dictionary to include your custom headers:

headers = {
"authorization": f"Bearer {bearer_token}",
"Content-Type": "application/json",
"x-my-custom-id-token": "your-id-token-here"  # Add your custom header here
}

When making HTTP requests to AWS IoT Core or other AWS services, you can pass credentials and custom information through request headers. The header names are case-insensitive, but it's a good practice to follow consistent naming conventions.

For reading headers in your MCP server, you'll need to access the incoming HTTP request object in your server code. The exact implementation depends on the framework you're using for your MCP server. If you're using FastMCP or a similar framework, you should be able to access the request headers through the request object provided by your web framework.

If you're having issues with your custom headers not appearing in the MCP server, consider these potential issues:

  1. Header stripping: Some intermediary services might strip non-standard headers. Ensure your header names follow conventions (typically prefixed with "x-" for custom headers).

  2. CORS configuration: If your frontend is making cross-origin requests, ensure your CORS configuration allows the custom headers.

  3. Proxy configuration: If there are API gateways or proxies between your components, ensure they're configured to pass through your custom headers.

  4. Case sensitivity: While header names are technically case-insensitive, some implementations might handle them inconsistently.

For the specific case of passing an ID token from an agent to an MCP server within AgentCore, make sure both components are properly configured to handle the custom headers, and verify that the AgentCore runtime environment isn't stripping these headers during the request forwarding process.
Sources
https://docs.aws.amazon.com/embedded-csdk/202012.00/lib-ref/libraries/standard/coreHTTP/docs/doxygen/output/html/httpclient_addheader_function.html
Connecting to AWS IoT Core by using custom authentication - AWS IoT Core
Deploy MCP servers in AgentCore Runtime - Amazon Bedrock AgentCore

answered 6 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content