Released on 2026-02-05
Resolved Issues
MCP Proxy
List Tools Respects Outbound Authorization Policy
When listing tools from an upstream MCP server, the proxy wasn't forwarding the client's authorization headers. The proxy now applies the configured outbound authorization policy to list-tools requests, ensuring proper authentication with upstream servers.
If you have token exchange (or another outbound policy) configured, the proxy will use that policy when calling the upstream server's list-tools endpoint—for example, exchanging the inbound token for an upstream-specific token and sending the appropriate Authorization header. If the outbound policy is set to unprotected, no authorization header is sent to the upstream.
This aligns list-tools behavior with other MCP proxy requests and allows upstream servers to enforce authorization consistently.
Related Documentation: