Skip to content

Dynamic Tool Filtering Based on User Authentication #168

New issue
New issue
Open
Open
Dynamic Tool Filtering Based on User Authentication#168
Labels
enhancementNew feature or request
@olarcherc24

Description

@olarcherc24
olarcherc24
opened on Jun 11, 2025

Dynamic Tool Filtering Based on User Authentication

Problem

I'm trying to restrict the exposed tools dynamically based on the requesting user.

For example, assume I have two exposed tools:

  • get_user_data
  • delete_user

Then if the client authenticates with API key xxx they should see both endpoints, but with API key yyy only get_user_data.

Current Limitation

From my understanding, the only way to limit the exposed operations is to use include_operations when setting up the MCP server:

mcp = FastApiMCP(app, include_operations=["get_user_data"])

However, this appears to be a static setting that applies to the entire server / all clients.

Question

Is there any way to control this behavior dynamically?

I need different API keys to see different sets of tools, but include_operations seems to be a server-wide configuration rather than a per-client setting.

Use Case

  • API key ADMIN_KEY should see: get_user_data, delete_user
  • API key USER_KEY should see: get_user_data only

Currently, I can authenticate at the FastAPI endpoint level, but I need similar filtering for which MCP tools are exposed to each authenticated client.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions