Skip to content

Instantly share code, notes, and snippets.

@jozkee

jozkee/local_function_approval.mermaid

Last active February 5, 2026 03:24
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save jozkee/cfb7beee9e032af749d3e0b337f79380 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save jozkee/cfb7beee9e032af749d3e0b337f79380 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
local_function_approval.mermaid
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Raw
openai_mcp_call_approval.mermaid
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Raw
z_authz_token.md

These snippets show how IChatClient implementations (like Anthropic) can extract authorization token from HostedMcpServerTool.Headers.

User code:

using Anthropic;
using Microsoft.Extensions.AI;

// Create the Anthropic client (uses ANTHROPIC_API_KEY environment variable)
// Create an IChatClient using the Beta service (required for MCP connector)
IChatClient chatClient = new AnthropicClient().Beta.AsIChatClient("claude-sonnet-4-5-20250514");
// Configure the DeepWiki MCP server
ChatOptions options = new()
{
    Tools =
    [
        new HostedMcpServerTool("deepwiki", new Uri("https://mcp.deepwiki.com/sse"))
        {
            // AuthorizationToken = "your-token"
            Headers =
            {
                { "Authorization", "Bearer: your-token" },
            },
        },
    ],
};

// Send a message using the MCP server
var response = await chatClient.GetResponseAsync(
    "What can you tell me about the anthropic-sdk-csharp repository? Use the deepwiki tools to search for information.",
    options
);
Console.WriteLine(response);

IChatClient implementation code:

    case HostedMcpServerTool mcp:
        (betaHeaders ??= []).Add("mcp-client-2025-11-20");
        (mcpServers ??= []).Add(
            mcp.AllowedTools is { Count: > 0 } allowedTools
                ? new()
                {
                    Name = mcp.Name,
                    Url = mcp.ServerAddress,
+                   AuthorizationToken = GetAuthorizationFromHeaders(mcp.Headers),
                    ToolConfiguration = new()
                    {
                        AllowedTools = [.. allowedTools],
                        Enabled = true,
                    },
                }
-                : new() { Name = mcp.Name, Url = mcp.ServerAddress }
+                : new() { Name = mcp.Name, Url = mcp.ServerAddress, AuthorizationToken = GetAuthorizationFromHeaders(mcp.Headers) }
        );
        break;

+        // Helper method to extract Bearer token from headers - basically deferring the burden of extracting AuthorizationToken.
+        static string? GetAuthorizationFromHeaders(Dictionary<string, string> headers)
+        {
+            return headers?.TryGetValue(AuthorizationHeaderName, out string? value) is true &&
+            value?.StartsWith("Bearer ", StringComparison.Ordinal) is true ? 
+                value.Substring("Bearer ".Length) :
+                null;
+        }

This is how we currently use it in MEAI.OpenAI Responses: https://github.com/dotnet/extensions/blob/086890060f7f5e2f2990350ad4cd8d399b407406/src/Libraries/Microsoft.Extensions.AI.OpenAI/OpenAIResponsesChatClient.cs#L597-L623

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment