Fix issue #108 (#111)

* Fix auth system issues 

Issue 1: Config file endpoint not applied
- Transfer all config values to args namespace before validation
- CLI arguments take precedence over config file
- 38 settings now transferred (endpoint, protocol, mode, timeout, etc)

Issue 3: HTTP auth headers never applied
- Integrate create_transport_with_auth() into client/__init__.py
- Auth headers now applied to all HTTP/HTTPS requests
- Enhanced logging at DEBUG level

Issue 4: OAuth provider design
- OAuth correctly uses header-based auth (RFC 6750)
- Added documentation explaining why params are empty

Issue 5: API Key auth ignores custom prefix
- Add customizable prefix parameter to APIKeyAuth
- Supports Bearer, Token, Custom, or empty prefix
- Updated factory functions and config loaders

Issue 6: Poor error messages for auth config
- Add field-level validation for each auth type
- Show which field is missing with example config
- Include provider name in error messages

* Fix ruff linting errors: line length and f-string formatting

* Update documentation: code quality guidelines and authentication system reference

* fix ci

* resolve comments

Author: Agent-Hellboy

docs/configuration/configuration.md

@@ -117,7 +117,7 @@ auth:
       username: "${USERNAME}"
       password: "${PASSWORD}"
 
-  tool_mappings:
+tool_mapping:
     openai_chat: openai_api
     github_search: github_api
     secure_tool: basic_auth
@@ -229,7 +229,7 @@ type = "basic"
 username = "${USERNAME}"
 password = "${PASSWORD}"
 
-[auth.tool_mappings]
+[auth.tool_mapping]
 openai_chat = "openai_api"
 github_search = "github_api"
 secure_tool = "basic_auth"

docs/development/contributing.md

@@ -204,14 +204,27 @@ repos:
 
 - **Python**: Follow PEP 8 style guide
 
-- **Line Length**: Maximum 88 characters (Black default)
+- **Line Length**: Maximum 88 characters (enforced by Ruff)
+  - Break long lines across multiple statements
+  - Use implicit line continuation for function signatures and strings
+  - Avoid f-strings without placeholders
+
+- **F-strings**: Always include placeholders when using f-strings
+  - Use regular strings for static messages
+  - Extract complex expressions to variables if needed
 
 - **Imports**: Use absolute imports, group by standard library, third-party, local
 
 - **Type Hints**: Use type hints for all function parameters and return values
 
 - **Documentation**: Include docstrings for all public functions and classes
 
+- **Logging**: Use appropriate logging levels
+  - DEBUG: Tool call notifications and detailed execution flow
+  - INFO: Important state changes and user-facing information
+  - WARNING: Potential issues that don't prevent execution
+  - ERROR: Errors that require attention
+
 ## Documentation
 
 ### Building Documentation

docs/development/reference.md

@@ -95,9 +95,95 @@ Notes:
 |----------|-------------|
 | `MCP_API_KEY` | API key for authentication |
 | `MCP_HEADER_NAME` | Header name for API key (default: Authorization) |
+| `MCP_PREFIX` | Prefix for API key value (default: Bearer) |
 | `MCP_USERNAME` | Username for basic authentication |
 | `MCP_PASSWORD` | Password for basic authentication |
 | `MCP_OAUTH_TOKEN` | OAuth token for authentication |
+| `MCP_CUSTOM_HEADERS` | Custom headers as JSON string for authentication |
+| `MCP_TOOL_AUTH_MAPPING` | Map tool names to auth providers as JSON |
+
+## Authentication System Reference
+
+### Authentication Providers
+
+The authentication system supports multiple provider types with configurable options:
+
+#### API Key Authentication
+
+```json
+{
+  "type": "api_key",
+  "api_key": "YOUR_API_KEY",
+  "header_name": "Authorization",
+  "prefix": "Bearer"
+}
+```
+
+- **api_key** (required): The API key value
+- **header_name** (optional): HTTP header to place the key in (default: "Authorization")
+- **prefix** (optional): Value prefix for the header (default: "Bearer"). Set to empty string for no prefix.
+
+#### Basic Authentication
+
+```json
+{
+  "type": "basic",
+  "username": "user",
+  "password": "password"
+}
+```
+
+- **username** (required): Username for basic auth
+- **password** (required): Password for basic auth
+
+#### OAuth Token Authentication
+
+```json
+{
+  "type": "oauth",
+  "token": "YOUR_TOKEN",
+  "token_type": "Bearer"
+}
+```
+
+- **token** (required): OAuth token value
+- **token_type** (optional): Token type for Authorization header (default: "Bearer")
+
+#### Custom Headers Authentication
+
+```json
+{
+  "type": "custom",
+  "headers": {
+    "X-Custom-Header": "value",
+    "X-Another-Header": "another-value"
+  }
+}
+```
+
+- **headers** (required): Dictionary of custom headers to include
+
+### Tool-to-Auth Mapping
+
+Map specific tools to authentication providers:
+
+```json
+{
+  "tool_mapping": {
+    "openai_chat": "openai_api",
+    "github_search": "github_api",
+    "default_tool": "basic_auth"
+  }
+}
+```
+
+### Error Messages
+
+The authentication system provides detailed error messages for configuration issues:
+
+- Missing required fields indicate which provider type and field is missing
+- Expected configuration format is provided in error messages
+- Type validation errors show the received vs. expected type
 
 ## Runtime Management API Reference
 
@@ -1210,7 +1296,7 @@ mcp-fuzzer --mode tools --protocol http --endpoint http://localhost:8000 --tool-
       "password": "password"
     }
   },
-  "tool_mappings": {
+  "tool_mapping": {
     "openai_chat": "openai_api",
     "github_search": "github_api",
     "secure_tool": "basic_auth"

docs/getting-started/examples.md

@@ -107,7 +107,7 @@ Create `auth_config.json`:
       "header_name": "Authorization"
     }
   },
-  "tool_mappings": {
+  "tool_mapping": {
     "openai_chat": "openai_api",
     "github_search": "github_api"
   }

docs/getting-started/getting-started.md

@@ -196,7 +196,7 @@ Create `auth_config.json`:
       "password": "password"
     }
   },
-  "tool_mappings": {
+  "tool_mapping": {
     "openai_chat": "openai_api",
     "github_search": "github_api",
     "secure_tool": "basic_auth"

examples/auth_config.json

@@ -1,8 +1,9 @@
 {
+  "default_provider": "api_key",
   "providers": {
     "api_key": { "type": "api_key", "api_key": "secret123", "header_name": "Authorization" }
   },
-  "tool_mappings": {
+  "tool_mapping": {
     "secure_tool": "api_key"
   }
 }

mcp_fuzzer/auth/loaders.py

@@ -1,4 +1,5 @@
 import json
+import logging
 import os
 
 from .manager import AuthManager
@@ -9,12 +10,23 @@
     create_custom_header_auth,
 )
 
+logger = logging.getLogger(__name__)
+
 def setup_auth_from_env() -> AuthManager:
     auth_manager = AuthManager()
 
     api_key = os.getenv("MCP_API_KEY")
+    header_name = os.getenv("MCP_HEADER_NAME")
+    prefix = os.getenv("MCP_PREFIX")
     if api_key:
-        auth_manager.add_auth_provider("api_key", create_api_key_auth(api_key))
+        auth_manager.add_auth_provider(
+            "api_key",
+            create_api_key_auth(
+                api_key,
+                header_name if header_name is not None else "Authorization",
+                prefix if prefix is not None else "Bearer",
+            ),
+        )
 
     username = os.getenv("MCP_USERNAME")
     password = os.getenv("MCP_PASSWORD")
@@ -36,8 +48,8 @@ def setup_auth_from_env() -> AuthManager:
                 auth_manager.add_auth_provider(
                     "custom", create_custom_header_auth(headers)
                 )
-        except (json.JSONDecodeError, TypeError):
-            pass
+        except (json.JSONDecodeError, TypeError) as exc:
+            logger.debug("Failed to parse MCP_CUSTOM_HEADERS as JSON: %s", exc)
 
     tool_mapping = os.getenv("MCP_TOOL_AUTH_MAPPING")
     if tool_mapping:
@@ -48,8 +60,12 @@ def setup_auth_from_env() -> AuthManager:
                     auth_manager.map_tool_to_auth(
                         str(tool_name), str(auth_provider_name)
                     )
-        except (json.JSONDecodeError, TypeError):
-            pass
+        except (json.JSONDecodeError, TypeError) as exc:
+            logger.debug("Failed to parse MCP_TOOL_AUTH_MAPPING as JSON: %s", exc)
+
+    default_provider = os.getenv("MCP_DEFAULT_AUTH_PROVIDER")
+    if default_provider:
+        auth_manager.set_default_provider(default_provider)
 
     return auth_manager
 
@@ -64,41 +80,109 @@ def load_auth_config(config_file: str) -> AuthManager:
 
     providers = config.get("providers", {})
     for name, provider_config in providers.items():
-        provider_type = provider_config.get("type")
-        if provider_type == "api_key":
-            auth_manager.add_auth_provider(
-                name,
-                create_api_key_auth(
-                    provider_config["api_key"],
-                    provider_config.get("header_name", "Authorization"),
-                ),
-            )
-        elif provider_type == "basic":
-            auth_manager.add_auth_provider(
-                name,
-                create_basic_auth(
-                    provider_config["username"], provider_config["password"]
-                ),
+        if not isinstance(provider_config, dict):
+            raise ValueError(
+                f"Error configuring auth provider '{name}': "
+                f"expected an object, got {type(provider_config).__name__}"
             )
-        elif provider_type == "oauth":
-            auth_manager.add_auth_provider(
-                name,
-                create_oauth_auth(
-                    provider_config["token"],
-                    provider_config.get("token_type", "Bearer"),
-                ),
-            )
-        elif provider_type == "custom":
-            headers = provider_config.get("headers")
-            if not isinstance(headers, dict):
-                raise ValueError(f"Provider '{name}' custom headers must be a dict")
-            headers_str: dict[str, str] = {str(k): str(v) for k, v in headers.items()}
-            auth_manager.add_auth_provider(name, create_custom_header_auth(headers_str))
-        else:
-            raise ValueError(f"Unknown provider type: {provider_type}")
-
-    tool_mappings = config.get("tool_mapping", {})
-    for tool_name, auth_provider_name in tool_mappings.items():
+        provider_type = provider_config.get("type")
+        
+        try:
+            if provider_type == "api_key":
+                if "api_key" not in provider_config:
+                    raise ValueError(
+                        f"Provider '{name}' is type 'api_key' but missing "
+                        "required field 'api_key'. Expected: "
+                        "{'type': 'api_key', 'api_key': 'YOUR_API_KEY'}"
+                    )
+                auth_manager.add_auth_provider(
+                    name,
+                    create_api_key_auth(
+                        provider_config["api_key"],
+                        provider_config.get("header_name", "Authorization"),
+                        provider_config.get("prefix", "Bearer"),
+                    ),
+                )
+            elif provider_type == "basic":
+                if "username" not in provider_config:
+                    raise ValueError(
+                        f"Provider '{name}' is type 'basic' but missing "
+                        "required field 'username'. Expected: "
+                        "{'type': 'basic', 'username': 'user', 'password': 'pass'}"
+                    )
+                if "password" not in provider_config:
+                    raise ValueError(
+                        f"Provider '{name}' is type 'basic' but missing "
+                        "required field 'password'. Expected: "
+                        "{'type': 'basic', 'username': 'user', 'password': 'pass'}"
+                    )
+                auth_manager.add_auth_provider(
+                    name,
+                    create_basic_auth(
+                        provider_config["username"], provider_config["password"]
+                    ),
+                )
+            elif provider_type == "oauth":
+                if "token" not in provider_config:
+                    raise ValueError(
+                        f"Provider '{name}' is type 'oauth' but missing "
+                        "required field 'token'. Expected: "
+                        "{'type': 'oauth', 'token': 'YOUR_TOKEN'}"
+                    )
+                auth_manager.add_auth_provider(
+                    name,
+                    create_oauth_auth(
+                        provider_config["token"],
+                        provider_config.get("token_type", "Bearer"),
+                    ),
+                )
+            elif provider_type == "custom":
+                headers = provider_config.get("headers")
+                if not headers:
+                    raise ValueError(
+                        f"Provider '{name}' is type 'custom' but missing "
+                        "required field 'headers'. Expected: "
+                        "{'type': 'custom', 'headers': {'X-Header': 'value'}}"
+                    )
+                if not isinstance(headers, dict):
+                    raise ValueError(
+                        f"Provider '{name}' custom headers must be a dict, "
+                        f"got {type(headers).__name__}"
+                    )
+                headers_str: dict[str, str] = {
+                    str(k): str(v) for k, v in headers.items()
+                }
+                auth_manager.add_auth_provider(
+                    name, create_custom_header_auth(headers_str)
+                )
+            else:
+                raise ValueError(
+                    f"Unknown provider type: '{provider_type}' for provider '{name}'. "
+                    f"Supported types: api_key, basic, oauth, custom"
+                )
+        except (KeyError, ValueError) as e:
+            raise ValueError(f"Error configuring auth provider '{name}': {str(e)}")
+
+    tool_mappings = config.get("tool_mapping")
+    legacy_tool_mappings = config.get("tool_mappings")
+    if tool_mappings and legacy_tool_mappings:
+        raise ValueError(
+            "Both 'tool_mapping' and legacy 'tool_mappings' are defined. "
+            "Please use only 'tool_mapping'."
+        )
+
+    final_tool_mappings = tool_mappings or legacy_tool_mappings or {}
+    if final_tool_mappings and not isinstance(final_tool_mappings, dict):
+        raise ValueError(
+            f"'tool_mapping' must be a dict, "
+            f"got {type(final_tool_mappings).__name__}"
+        )
+
+    for tool_name, auth_provider_name in final_tool_mappings.items():
         auth_manager.map_tool_to_auth(tool_name, auth_provider_name)
 
+    default_provider = config.get("default_provider")
+    if default_provider:
+        auth_manager.set_default_provider(default_provider)
+
     return auth_manager