Skills
Derive tenant identity only from verified token claims — never from the request body
For multi-tenant MCP servers, extract the tenant ID at the auth middleware layer from signed token claims, attach it to a request context, and have every handler read context.tenantId rather than request.body.tenantId. Trusting callers to self-identify their tenant works for every well-behaved client and fails catastrophically for the first malicious one. Add integration tests that assert cross-tenant requests are rejected, and log both claimed and verified IDs to catch mismatches.
↳ Follow the thread