MCP server: AccessToken class should have field for subject claim ("sub")

### Description

I'm proposing to add `subject` to `AccessToken` in `mcp/server/auth/provider.py`, which can be used to store the `sub` JWT claim that usually corresponds to the user ID:
```
class AccessToken(BaseModel):
    token: str
    client_id: str
    scopes: list[str]
    expires_at: int | None = None
    resource: str | None = None  # RFC 8707 resource indicator

    # Proposed:
    subject: str | None = None  # Subject (user ID)
```

Then we can implement a token verifier as follows:

```
class MyTokenVerifier:
    async def verify_token(self, token: str) -> AccessToken | None:
        try:
            token_claims = decode_and_validate_jwt(token)
        except ...:
            return None

        return AccessToken(
            token=token,
            ...
            subject=token_claims["sub"],
        )
```

and directly retrieve the user ID from the auth token in the context:

```
from mcp.server.auth.middleware.auth_context import get_access_token

user_id = get_access_token().subject
```

### References

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

MCP server: AccessToken class should have field for subject claim ("sub") #1038

Description

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

MCP server: AccessToken class should have field for subject claim ("sub") #1038

Description

Description

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions