From 18d9217fd7a50797aa44ce0355077e7349fcd1a2 Mon Sep 17 00:00:00 2001
From: Abdul Aziz Barkat <48156568+abarkat99@users.noreply.github.com>
Date: Tue, 17 Jun 2025 22:38:58 +0530
Subject: [PATCH] Return a 401 error for missing token

---
 mcp_auth.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/mcp_auth.py b/mcp_auth.py
index cb2195e..ec7f54a 100644
--- a/mcp_auth.py
+++ b/mcp_auth.py
@@ -44,7 +44,7 @@
 # OAuth scopes
 SCOPES = ["openid", "profile", "email", "User.Read"]
 
-security = HTTPBearer()
+security = HTTPBearer(auto_error=False)
 
 # Development API Key (for testing only)
 DEV_API_KEY = os.getenv("DEV_API_KEY", "dev-test-key-12345")
@@ -511,6 +511,11 @@ def validate_token(self, token: str) -> Dict[str, Any]:
 
 def get_current_user(credentials: HTTPAuthorizationCredentials = Depends(security)):
     """Dependency to get current authenticated user"""
+    if credentials is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Missing token"
+        )
     auth_service = MCPAuthService(os.getenv("BASE_URL", "http://localhost:8000"))
     return auth_service.validate_token(credentials.credentials)