Skip to content
AM

Bearer tokens (ZITADEL access tokens)

The public MCP surface authenticates ZITADEL JWT access tokens sent as HTTP bearer credentials. A token identifies a principal; it does not replace tenant membership, tenant policy, or per-tool visibility checks.

When to use one

Use a bearer access token for a user or machine principal that has been issued a token for the configured InBlack ZITADEL project. For public MCP, API keys and Worker service tokens are not alternatives:

CredentialPublic MCPInternal MCPProduct APIs
ZITADEL bearer tokenYesOnly with internal scope or roleEndpoint-specific
Worker service tokenNoYesInternal service-specific
Tenant API keyNoNoSupported API endpoints only
Storefront SDK keyNoNoStorefront endpoints only

Send the token

Authorization: Bearer <zitadel-access-token>

For tenant-scoped MCP requests, also send:

X-Tenant-ID: <tenant-id>

Send both headers on every request because the public MCP transport is request-scoped and stateless.

Validation

The Worker verifies:

  1. A bearer token is present.
  2. The JWT signature resolves through the configured issuer’s JWKS.
  3. The signing algorithm is allowed.
  4. The issuer matches the environment.
  5. The audience matches a configured ZITADEL project audience.
  6. The JWT is within its valid lifetime.
  7. sub is present.

Production issuer: https://auth.inblack.app

Staging issuer: https://auth.staging.inblack.app

The audience value is a deployment project ID, not api.inblack.app or another inferred hostname.

Principal context

After verification, the Worker extracts subject, optional profile fields, scopes, audiences, and ZITADEL project roles. It classifies tokens with openid or profile claims as human principals and other tokens as machine principals.

Tenant selection is separate. X-Tenant-ID chooses the tenant context, then the Worker obtains tenant policy using the bearer token and filters tools. A valid token for a principal without access to that tenant does not gain access by sending its ID.

Expiration and storage

Use the token’s exp claim as the authority for expiration; the guide does not assume a universal one-hour lifetime. When a token expires, obtain a new token through the supported issuing client or administrator flow.

Treat access tokens as secrets:

  • Keep them out of source control, logs, URLs, screenshots, and shared configuration.
  • Prefer an OS keychain or the client’s secret/environment facility.
  • Replace tokens in transitional MCP client configuration when they expire.
  • Do not send production tokens to staging or staging tokens to production.

Errors

ErrorMeaning
missing_bearer_tokenNo usable Authorization: Bearer header
invalid_bearer_tokenSignature, issuer, audience, lifetime, algorithm, or claim validation failed
insufficient_scopeInternal MCP token lacks the internal scope or role
tenant_policy_unavailableTenant policy could not be verified for the principal and tenant