[RHIDP-12903] Remove Bearer From MCP HEADERS for Lightspeed (#2621)

Jdubrick · web-flow · commit 7f443872446f · 2026-03-27T10:39:51.000-04:00
* remove Bearer from MCP header

Signed-off-by: Jordan Dubrick &lt;jdubrick@redhat.com&gt;

* add changeset

Signed-off-by: Jordan Dubrick &lt;jdubrick@redhat.com&gt;

* remove existing Bearer prefixes after rebase

Signed-off-by: Jordan Dubrick &lt;jdubrick@redhat.com&gt;

---------

Signed-off-by: Jordan Dubrick &lt;jdubrick@redhat.com&gt;
diff --git a/workspaces/lightspeed/.changeset/rotten-papayas-add.md b/workspaces/lightspeed/.changeset/rotten-papayas-add.md
@@ -0,0 +1,5 @@
+---
+'@red-hat-developer-hub/backstage-plugin-lightspeed-backend': patch
+---
+
+remove bearer from mcp header to adhere to LCORE standard
diff --git a/workspaces/lightspeed/plugins/lightspeed-backend/__fixtures__/mcpHandlers.ts b/workspaces/lightspeed/plugins/lightspeed-backend/__fixtures__/mcpHandlers.ts
@@ -28,7 +28,7 @@ const MOCK_TOOLS = [
 export const mcpHandlers: HttpHandler[] = [
   http.post(MOCK_MCP_ADDR, async ({ request }) => {
     const auth = request.headers.get('Authorization');
-    if (auth !== `Bearer ${MOCK_MCP_VALID_TOKEN}`) {
+    if (auth !== `${MOCK_MCP_VALID_TOKEN}`) {
       return HttpResponse.json({ error: 'Unauthorized' }, { status: 401 });
     }
 
diff --git a/workspaces/lightspeed/plugins/lightspeed-backend/src/service/mcp-server-validator.ts b/workspaces/lightspeed/plugins/lightspeed-backend/src/service/mcp-server-validator.ts
@@ -34,7 +34,7 @@ export class McpServerValidator {
   async validate(url: string, token: string): Promise<McpValidationResult> {
     const headers: Record<string, string> = {
       'Content-Type': 'application/json',
-      Authorization: `Bearer ${token}`,
+      Authorization: `${token}`,
       Accept: 'application/json, text/event-stream',
     };
 
diff --git a/workspaces/lightspeed/plugins/lightspeed-backend/src/service/router.test.ts b/workspaces/lightspeed/plugins/lightspeed-backend/src/service/router.test.ts
@@ -514,8 +514,8 @@ describe('lightspeed router tests', () => {
 
       const parsedHeaders = JSON.parse(capturedMcpHeaders!);
       expect(parsedHeaders).toEqual({
-        'mcp-server-1': { Authorization: 'Bearer token-1' },
-        'mcp-server-2': { Authorization: 'Bearer token-2' },
+        'mcp-server-1': { Authorization: 'token-1' },
+        'mcp-server-2': { Authorization: 'token-2' },
       });
     });
 
@@ -617,7 +617,7 @@ describe('lightspeed router tests', () => {
 
       const parsedHeaders = JSON.parse(capturedMcpHeaders!);
       expect(parsedHeaders).toEqual({
-        'single-mcp-server': { Authorization: 'Bearer single-token' },
+        'single-mcp-server': { Authorization: 'single-token' },
       });
     });
 
diff --git a/workspaces/lightspeed/plugins/lightspeed-backend/src/service/router.ts b/workspaces/lightspeed/plugins/lightspeed-backend/src/service/router.ts
@@ -57,7 +57,7 @@ interface StaticMcpServer {
 
 /**
  * Build MCP-HEADERS for LCS.  Format matches the LCS "client" auth model:
- *   { "server-name": { "Authorization": "Bearer <token>" } }
+ *   { "server-name": { "Authorization": "<token>" } }
  *
  * For each admin-configured server, includes the user's override token if
  * present in the DB, falling back to the admin default from app-config.
@@ -82,7 +82,7 @@ async function buildMcpHeaders(
     // If neither exists, the server is excluded from MCP-HEADERS.
     const token = setting?.token || server.token;
     if (token) {
-      headers[server.name] = { Authorization: `Bearer ${token}` };
+      headers[server.name] = { Authorization: `${token}` };
     }
   }
 

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +'@red-hat-developer-hub/backstage-plugin-lightspeed-backend': patch
 +---
++
 +remove bearer from mcp header to adhere to LCORE standard
Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ const MOCK_TOOLS = [`
`28`	`28`	`export const mcpHandlers: HttpHandler[] = [`
`29`	`29`	`http.post(MOCK_MCP_ADDR, async ({ request }) => {`
`30`	`30`	`const auth = request.headers.get('Authorization');`
`31`		- if (auth !== `Bearer ${MOCK_MCP_VALID_TOKEN}`) {
	`31`	+ if (auth !== `${MOCK_MCP_VALID_TOKEN}`) {
`32`	`32`	`return HttpResponse.json({ error: 'Unauthorized' }, { status: 401 });`
`33`	`33`	`}`
`34`	`34`
Original file line number	Diff line number	Diff line change
`@@ -57,7 +57,7 @@ interface StaticMcpServer {`
`57`	`57`
`58`	`58`	`/**`
`59`	`59`	`* Build MCP-HEADERS for LCS. Format matches the LCS "client" auth model:`
`60`		`- * { "server-name": { "Authorization": "Bearer <token>" } }`
	`60`	`+ * { "server-name": { "Authorization": "<token>" } }`
`61`	`61`	`*`
`62`	`62`	`* For each admin-configured server, includes the user's override token if`
`63`	`63`	`* present in the DB, falling back to the admin default from app-config.`
`@@ -82,7 +82,7 @@ async function buildMcpHeaders(`
`82`	`82`	`// If neither exists, the server is excluded from MCP-HEADERS.`
`83`	`83`	`const token = setting?.token \|\| server.token;`
`84`	`84`	`if (token) {`
`85`		- headers[server.name] = { Authorization: `Bearer ${token}` };
	`85`	+ headers[server.name] = { Authorization: `${token}` };
`86`	`86`	`}`
`87`	`87`	`}`
`88`	`88`