Skip to main content

I read the below aritcle. It’s awesome!!

https://blog.box.com/box-community-mcp-server-updates-you-didnt-know-you-needed

I have two questions:

  1. the authentication parameter is --box-auth, not --auth, right?
  2. I can’t connect n8n MCP Client that’s endpoint is set to http://0.0.0.0:8001/sse. I need set it to http:host.docker.internal:8001/sse. do you use a local docker and a local mcp server or not?
  3. If I set Authentication parameter “None”, the MCP Client can’t connect local MCP Server. the local MCP server displays the below error:
    1. WARNING:middleware:No token configured, rejecting all requests
      INFO:     127.0.0.1:53381 - "GET /sse HTTP/1.1" 401 Unauthorized

 

 

Hi ​@mtatsumi 

Between a publication delay and a fast pace update on the community MCP server, things got a little out of sync.

However the Github README.md is up to date.

Ever since we implemented the HTTP/SSE transports we’ve been worrying about not having any sort of authentication between the MCP clients and the MCP server. So we implemented a simple token authentication between those, independent of the Box API authentication.

Let’s first take a look at the available community MCP server parameters:

uv run src/mcp_server_box.py --help

You get:

usage: mcp_server_box.py [-h] [--transport {stdio,sse,streamable-http}] [--host HOST] [--port PORT]
                         [--box-auth {oauth,ccg}] [--no-mcp-server-auth]

Box Community MCP Server

options:
  -h, --help            show this help message and exit
  --transport {stdio,sse,streamable-http}
                        Transport type (default: stdio)
  --host HOST           Host for SSE/HTTP transport (default: 0.0.0.0)
  --port PORT           Port for SSE/HTTP transport (default: 8001)
  --box-auth {oauth,ccg}
                        Authentication type for Box API (default: oauth)
  --no-mcp-server-auth  Disable authentication (for development only)

We now have an extra parameters, --no-mcp-server-auth , that will turn off MCP Client to MCP Server authentication, This is not recommended.

Note that if using STDIO, authentication is ignored.

 

So to your question, how would this work, specifically with n8n.

You start by generating a strong token, (essentially a strong password), there are plenty of on-line services to do this, for example this API Key Generator.

 

Once you have an API Key, you add it to your .env file. For example:

BOX_CLIENT_ID = YOUR_CLIENT_ID
BOX_CLIENT_SECRET = YOUR_CLIENT_SECRET
BOX_REDIRECT_URL = http://localhost:8000/callback

BOX_MCP_SERVER_AUTH_TOKEN = YOUR_BOX_MCP_SERVER_AUTH_TOKEN

 

In n8n you create a credential of type Bearer Auth, and paste your API Key.

 

Then you adjust the configuration of your MCP client in n8n, switching the authentication to Baerer Auth, and selecting the credential you just created:

 

 

Run your MCP server using something like:

uv run src/mcp_server_box.py --transport sse --box-auth  oauth

You get:

INFO:middleware:Setting up auth middleware wrapper for transport: sse
INFO:middleware:Wrapped sse_app method
Starting Box Community MCP SSE Server on 0.0.0.0:8001
INFO:middleware:wrapped_sse_app called with mount_path=None
INFO:middleware:Adding middleware to app: 4394996736
INFO:middleware:Added OAuth discovery endpoint
INFO:middleware:Middleware added. App middleware count: 1
INFO:     Started server process [24150]
INFO:     Waiting for application startup.
INFO:     Application startup complete.
INFO:     Uvicorn running on http://0.0.0.0:8001 (Press CTRL+C to quit)

Now you can interact with n8n, for example:

Hope this helps clarify the current authentication.

 

To your other point relative to the docket container, you should be able to expose whatever port you desire, and map it to the port inside the container. From there it should be transparent to the MCP Client.


Cheers
 

 

Terms & ConditionsCookie settingsAccessibility statement