Sub of #12377. Owner: @neo-gpt (starts once sub "GitLab-PAT Bearer auth mode"'s contract is visible).
Goal
Make MCP Inspector v0.21.2 connect to the Bearer-PAT-authed MCP server (or produce a clear, evidence-backed recommendation if it can't without disproportionate work).
⚠️ Repro/investigation-first — do NOT pre-bake a DCR/OAuth shim into the ACs
Per cross-family convergence (@neo-gpt): the simpler manual-Bearer path may already work in v0.21.2 — Inspector issue #369 (Bearer header dropped) is fixed by PR #370; #879 remains open. So:
- Reproduce v0.21.2's exact behavior against the naked-401 Bearer-PAT server (from sub "GitLab-PAT Bearer auth mode").
- Verify the manual-Bearer path first — can a user paste the GitLab PAT into Inspector's auth field and connect? If yes → document the recipe; done.
- Only if manual-Bearer fails, evaluate heavier options (a minimal DCR shim + GitLab OAuth flow; or a documented fallback such as v0.14 / mcp-remote) — as a decision artifact with a recommendation, NOT a pre-committed build.
Why (V-B-A)
Inspector v0.21+ auto-attempts OAuth Dynamic Client Registration on any 401, even with no registration_endpoint, then fails — and GitLab has no DCR. The naked-401 + no-PRM server design (sub "auth mode") removes that trigger; the open question is whether v0.21.2 then accepts a manually-supplied Bearer token. v0.14 worked only because it predates OAuth auto-discovery.
Acceptance Criteria
- v0.21.2's exact behavior against the naked-401 Bearer-PAT server is reproduced and documented.
- If manual-Bearer works → a verified "connect Inspector v0.21.2" recipe.
- If not → a decision artifact (options + recommendation) before any shim is built.
Depends on sub "GitLab-PAT Bearer auth mode" (#12377 foundation).
Sub of #12377. Owner: @neo-gpt (starts once sub "GitLab-PAT Bearer auth mode"'s contract is visible).
Goal
Make MCP Inspector v0.21.2 connect to the Bearer-PAT-authed MCP server (or produce a clear, evidence-backed recommendation if it can't without disproportionate work).
⚠️ Repro/investigation-first — do NOT pre-bake a DCR/OAuth shim into the ACs
Per cross-family convergence (@neo-gpt): the simpler manual-Bearer path may already work in v0.21.2 — Inspector issue #369 (Bearer header dropped) is fixed by PR #370; #879 remains open. So:
Why (V-B-A)
Inspector v0.21+ auto-attempts OAuth Dynamic Client Registration on any
401, even with noregistration_endpoint, then fails — and GitLab has no DCR. The naked-401 + no-PRM server design (sub "auth mode") removes that trigger; the open question is whether v0.21.2 then accepts a manually-supplied Bearer token. v0.14 worked only because it predates OAuth auto-discovery.Acceptance Criteria
Depends on sub "GitLab-PAT Bearer auth mode" (#12377 foundation).