diff --git a/content/docs/configuration/librechat_yaml/object_structure/mcp_servers.mdx b/content/docs/configuration/librechat_yaml/object_structure/mcp_servers.mdx index 3158ec151..43508ce9f 100644 --- a/content/docs/configuration/librechat_yaml/object_structure/mcp_servers.mdx +++ b/content/docs/configuration/librechat_yaml/object_structure/mcp_servers.mdx @@ -92,7 +92,7 @@ mcpServers: ['timeout', 'Integer', '(Optional) Timeout in milliseconds for MCP server requests. Must be a non-negative integer.', 'timeout: 30000'], ['initTimeout', 'Integer', '(Optional) Timeout in milliseconds for MCP server initialization. Must be a non-negative integer.', 'initTimeout: 10000'], ['env', 'Object', '(Optional, `stdio` type only) Environment variables to use when spawning the process.', 'env:\n NODE_ENV: "production"'], - ['requiresOAuth', 'Boolean', '(Optional, `sse` type only) Whether this server requires OAuth authentication. If not specified, will be auto-detected during server startup. Although optional, it\'s best to set this value explicitly if you know whether the server requires OAuth or not.', 'requiresOAuth: true'], + ['requiresOAuth', 'Boolean', '(Optional, remote transports: `sse`, `streamable-http`, `websocket`) Whether this server requires OAuth authentication. If not specified, will be auto-detected during server startup. Although optional, it\'s best to set this value explicitly if you know whether the server requires OAuth or not. Setting `requiresOAuth: false` is useful for servers protected by a static `Authorization` header, to skip auto-detection that would otherwise misclassify them as OAuth-protected.', 'requiresOAuth: false'], ['stderr', 'String or Integer', '(Optional, `stdio` type only) How to handle `stderr` of the child process. Options: `"pipe"`, `"ignore"`, `"inherit"`, or a non-negative integer (file descriptor). Defaults to `"inherit"`.', 'stderr: "inherit"'], ['customUserVars', 'Object', '(Optional) Defines custom variables that users can set for this MCP server, allowing for per-user credentials or configurations (e.g., API keys). These variables can then be referenced in `headers` or `env` fields.', 'customUserVars:\n API_KEY:\n title: "API Key"\n description: "Your personal API key."'], ['oauth', 'Object', '(Optional) OAuth2 configuration for authenticating with the MCP server. When configured, users will be prompted to authenticate via OAuth flow.', 'oauth:\n authorization_url: "https://example.com/oauth/authorize"\n token_url: "https://example.com/oauth/token"'], @@ -289,13 +289,14 @@ mcpServers: #### `requiresOAuth` -- **Type:** Boolean (Optional, `sse` type only) +- **Type:** Boolean (Optional, remote transports only: `sse`, `streamable-http`, `websocket`) - **Description:** Whether this server requires OAuth authentication. If not specified, will be auto-detected during server startup. Although optional, it's best to set this value explicitly if you know whether the server requires OAuth or not. - **Default Value:** Auto-detected if not specified - **Notes:** - - Only applicable to `sse` type MCP servers + - Applicable to remote (URL-based) transports: `sse`, `streamable-http`, and `websocket`. It has no effect on `stdio` servers, which have no URL to authenticate against. - Auto-detection occurs during server startup, which may add initialization time - Explicit configuration improves startup performance by skipping detection + - Set `requiresOAuth: false` for servers protected only by a static `Authorization` header (e.g. a Bearer API key). Auto-detection probes the server *without* your configured headers, so a server that answers `401` with a `WWW-Authenticate: Bearer` challenge can be misclassified as OAuth-protected; this flag bypasses that probe and lets your static header authenticate the connection normally. - Works with MCP OAuth environment variables (`MCP_OAUTH_ON_AUTH_ERROR`, `MCP_OAUTH_DETECTION_TIMEOUT`) for enhanced connection management #### `stderr`