diff --git a/mcp-server/polaris_mcp/rest.py b/mcp-server/polaris_mcp/rest.py index 6e02633e..f5e2fac4 100644 --- a/mcp-server/polaris_mcp/rest.py +++ b/mcp-server/polaris_mcp/rest.py @@ -27,6 +27,7 @@ from urllib.parse import urlencode, urljoin, urlsplit, urlunsplit, quote import urllib3 +from fastmcp.server.dependencies import get_http_headers from polaris_mcp.authorization import AuthorizationProvider, none from polaris_mcp.base import JSONDict, ToolExecutionResult @@ -243,6 +244,11 @@ def call(self, arguments: Any) -> ToolExecutionResult: token = self._authorization.authorization_header(realm) if token: header_values["Authorization"] = token + else: + incoming = get_http_headers(include={"authorization"}) + incoming_auth = incoming.get("authorization", "") + if incoming_auth: + header_values["Authorization"] = incoming_auth header_name = os.getenv("POLARIS_REALM_CONTEXT_HEADER_NAME", "Polaris-Realm") if realm and not any( name.lower() == header_name.lower() for name in header_values