Problem/Motivation

There are actually 2 issues here:
1. Inside /admin/config/mcp , when you click on "Enable Token Auth" checkbox nothing happens. This is because #states selector on token_with_generation is not correctly set:

 'visible' => [
   ':input[name="enable_token_auth"]' => ['checked' => TRUE],
],

instead of 

'visible' => [
  ':input[name="auth_settings[enable_token_auth]"]' => ['checked' => TRUE],
],

2. Even when configured manually via config export/import, the auth still doesn't work because authenticate() rejects Bearer tokens — only Basic scheme is accepted:

if (empty($authHeader) || stripos($authHeader, 'Basic ') !== 0) {
    throw new McpAuthException("Missing or invalid Authorization header.");
}

Steps to reproduce

1. Navigate to the MCP settings form.
2. Enable Auth → observe that the Authentication Settings fieldset appears (this works fine).
3. Check Enable Token Auth → observe that the Secret key and Token User fields never appear (Bug 1).
4. Manually set enable_token_auth: true, token_key: , and token_user: in mcp.settings config directly.
5. Send a request with Authorization: Bearer → receive 401 (Bug 2).

Comments

aalin created an issue.