{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreidrrozqeawcs6v7nojutynicbjobhzft2fs2vx7l5ugig3scxwrey",
"uri": "at://did:plc:pgryn3ephfd2xgft23qokfzt/app.bsky.feed.post/3mhtk4hh7wsb2"
},
"path": "/t/best-practices-for-handling-user-identity-in-custom-model-serving-mcp/174594#post_1",
"publishedAt": "2026-03-24T14:43:25.000Z",
"site": "https://discuss.huggingface.co",
"textContent": "Hi everyone!\n\nI’m currently developing a custom model serving setup for my application, and I’ve run into a challenge that I think others might be facing too — **handling user identity propagation in multi‑user environments**.\n\nRight now, my service receives requests from a host client, but there isn’t a **standard way to identify the end‑user or safely pass their authentication token** through to the model server. This becomes especially tricky when building user‑specific tools like:\n\n * `get_balance(user_id)`\n\n * `get_order_status(user_id)`\n\n * other personalized endpoints that require knowing _who_ is making the request\n\n\n\n\nWhat I’d ideally like is:\n\n 1. A way to forward auth tokens securely (e.g., JWTs) from the host client to the model server\n\n 2. A reliable mechanism for distinguishing between different users so I can tailor responses correctly\n\n\n\n\nI’ve been researching and experimenting with a few workarounds, such as:\n\n * Injecting identity data as part of the tool input\n\n * Using custom pass‑through headers\n\n * Maintaining a session map on the server side\n\n\n\n\n…but nothing feels _standardized_ or clean yet.\n\n**So my questions for the community are:**\n\n * Does anyone have experience implementing **identity propagation** in an MCP or similar framework?\n\n * Are there any recommended patterns for safely passing user auth tokens to model servers?\n\n * Has anyone seen plans or discussions around adding built‑in identity support to MCP specs or inference APIs?\n\n\n\n\nAny insights, best practices, or pointers to relevant resources would be greatly appreciated!\n\nThanks in advance",
"title": "Best Practices for Handling User Identity in Custom Model Serving (MCP)"
}