Skip to content

fix: in oci_database_mcp_server handle API key auth when security_tok…#149

Open
germanviscuso wants to merge 1 commit intooracle:mainfrom
germanviscuso:fix/api-key-auth-security-token-keyerror
Open

fix: in oci_database_mcp_server handle API key auth when security_tok…#149
germanviscuso wants to merge 1 commit intooracle:mainfrom
germanviscuso:fix/api-key-auth-security-token-keyerror

Conversation

@germanviscuso
Copy link
Member

@germanviscuso germanviscuso commented Feb 24, 2026

…en_file is absent

The original code unconditionally accessed config['security_token_file'], causing a KeyError for users authenticating with API keys. Added a check so token-based auth is only used when the key is present in the config.

Description

The get_database_client() function in src/oci-database-mcp-server/oracle/oci_database_mcp_server/server.py unconditionally accessed config["security_token_file"], causing a KeyError for any user authenticating with standard API keys. This is because API key-based OCI configs do not include a security_token_file entry — only token-based (session) auth configs do.

The fix adds a conditional check (if "security_token_file" in config) so that token-based signing is only used when the key is actually present, and API key auth falls through to the standard DatabaseClient instantiation.

Fixes # (issue)

Type of change

  • Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

The fix was verified by running the MCP server locally against a real OCI tenancy using standard API key authentication (no security_token_file in ~/.oci/config). Prior to the fix, any call to list_autonomous_databases (and all other database operations) would fail immediately with KeyError: 'security_token_file'. After the fix, all operations complete successfully.

Test Configuration:

  • OCI CLI config: API key auth (~/.oci/config, DEFAULT profile, no security token)
  • OCI SDK: oci==2.160.0
  • Python: 3.13
  • Platform: macOS
  • MCP server version: oracle.oci-database-mcp-server 1.0.4

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

@germanviscuso
fix: in oci_database_mcp_server handle API key auth when security_tok…
1d74e6c 
…en_file is absent

The original code unconditionally accessed config['security_token_file'],
causing a KeyError for users authenticating with API keys. Added a check
so token-based auth is only used when the key is present in the config.
@oracle-contributor-agreement oracle-contributor-agreement bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Feb 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AlaaShaker AlaaShaker Awaiting requested review from AlaaShaker AlaaShaker is a code owner

@gebhardtr gebhardtr Awaiting requested review from gebhardtr gebhardtr is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

OCA Verified All contributors have signed the Oracle Contributor Agreement.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@germanviscuso