Skip to content

MCPToolset: no way to supply an elicitation callback, blocking MCP server auth challenges (SEP-1036 URL elicitation) #6422

Description

@QuentinBisson

Is your feature request related to a specific problem?

MCPToolset and MCPSessionManager accept a sampling_callback and thread it through to the underlying ClientSession (mcp_session_manager.pysession_context.py, where ClientSession(...) is constructed with sampling_callback only). There is no equivalent parameter for an elicitation callback, even though the MCP Python SDK's ClientSession supports one.

MCP has standardized URL-mode elicitation (SEP-1036, spec revision 2025-11-25: elicitation/create with mode: "url", error -32042, notifications/elicitation/complete) as the native mechanism for "the user must visit this URL", e.g. third-party OAuth consent. A server that raises a URL elicitation during a tool call today fails opaquely inside the toolset: the embedding application never sees the challenge and has no way to present the URL to the user and resume.

Note what already works: tool results are converted via response.model_dump(exclude_none=True, mode="json") (mcp_tool.py), so result meta survives and metadata-based signaling on tool results passes through fine. This issue is only about the elicitation callback wiring (unlike the Go twin below, where result _meta is also dropped).

Describe the Solution You'd Like

Accept an elicitation_callback on MCPToolset and MCPSessionManager, mirroring the existing sampling_callback plumbing end-to-end (MCPToolset.__init__MCPSessionManagerSessionContextClientSession), and surface URL-mode elicitations (including error -32042 and the completion notification) to the embedder instead of failing inside the toolset.

Impact on your work

We run agent runtimes (kagent, Go and Python) against an MCP gateway that fronts multiple backends with per-user OAuth. When a user is not yet authenticated to a backend, the gateway needs to deliver an auth challenge (login URL) to the embedding application, which maps it to the A2A auth-required task state (A2A spec §7.6). With no elicitation callback exposed, that challenge cannot reach the host application through MCPToolset.

Go twin (deeper gap, result _meta also dropped there): google/adk-go#1165.

Willingness to contribute

Yes — happy to submit the PR once maintainers agree on the shape.

Describe Alternatives You've Considered

  • Signaling the challenge via tool result meta only: works for results, but it is a workaround for what SEP-1036 defines natively, and it cannot cover elicitations raised outside a tool result (e.g. mid-call).
  • Bypassing MCPSessionManager with a hand-built ClientSession: loses the toolset's session pooling, header propagation, and retry behavior.

Proposed API / Implementation

toolset = MCPToolset(
    connection_params=StreamableHTTPConnectionParams(url=...),
    sampling_callback=my_sampling_cb,
    elicitation_callback=my_elicitation_cb,  # new, same plumbing as sampling_callback
)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions