[BUG][AUTH]: Multi-team users denied access to non-primary teams and cannot see public resources from other teams

[childrenofaqsa]

Here’s the updated bug issue content with the added case included in the Steps to Reproduce:

🐞 Bug Summary

Users who belong to any team cannot see public tools owned by other teams in the list tools API, and filtering by a different team than the token’s team ID returns 403—even when the user is a member of that team.

---

🧩 Affected Component

Select the area of the project impacted:

• mcpgateway - API
• mcpgateway - UI (admin panel)
• mcpgateway.wrapper - stdio wrapper
• Federation or Transports
• CLI, Makefiles, or shell scripts
• Container setup (Docker/Podman/Compose)
• Other (explain below)

---

🔁 Steps to Reproduce

1. Create Team A and Team B.
2. Add the same user to both Team A and Team B.
3. Issue a token for that user where the first team in the token is Team A.
4. Call list tools API with team_id=Team B and observe 403 due to team-id mismatch with token.
5. Create a public tool owned by Team B.
6. Call list tools API without a team filter and observe Team B public tool is missing.

---

🤔 Expected Behavior

Public tools should be visible to all users regardless of team membership, and filtering by another team should allow access if the user is a member of that team—even if the token’s “first team” differs.

---

📓 Logs / Error Output

{
"message": "Access issue: This API token does not have the required permissions for this team."
}

---

🧠 Environment Info

You can retrieve most of this from the /version endpoint.

Key	Value
Version or commit	1.0.0-BETA-1
Runtime	Python 3.13
Platform / OS	Windows 10.0.26100
Container	none

---

🧩 Additional Context (optional)

in mcpgateway/auth.py: token parsing returns only the first team from the JWT payload

mcp-context-forge/mcpgateway/auth.py

Lines 157 to 159 in aba7f4c

	team_id = payload.get("teams")[0] if payload.get("teams") else None
	if isinstance(team_id, dict):
	team_id = team_id.get("id")

, via, so in mcpgateway/main.py the mismatch check at team_id vs token_team_id only considers that first team and ignores any other teams in the token:

mcp-context-forge/mcpgateway/main.py

Lines 2637 to 2644 in aba7f4c

	token_team_id = getattr(request.state, "team_id", None)
	# Check for team ID mismatch
	if team_id is not None and token_team_id is not None and team_id != token_team_id:
	return JSONResponse(
	content={"message": "Access issue: This API token does not have the required permissions for this team."},
	status_code=status.HTTP_403_FORBIDDEN,
	)

[crivetimihai]

Thanks for the detailed bug report! @childrenofaqsa! I've completed a deep-dive analysis and confirmed this issue is valid and already being worked on as part of #2185

Root Cause Analysis

1. Single Team Extraction from JWT

In mcpgateway/auth.py:183, the get_team_from_token() function extracts only the first team:

team_id = payload.get("teams")[0] if payload.get("teams") else None

This sets request.state.team_id to a single value, discarding all other teams the user belongs to.

2. Flawed Team Validation in Endpoints

Throughout main.py, the team validation logic compares only against this single token_team_id:

# main.py:4588-4592 (gateways), 3183-3187 (tools), and ~10 other locations
if team_id is not None and token_team_id is not None and team_id != token_team_id:
    return 403  # "This API token does not have the required permissions for this team."

For a user with teams [TeamA, TeamB]:

• token_team_id = "TeamA" (first team only)
• Request ?team_id=TeamB → TeamB != TeamA → 403 Forbidden
• Even though the token legitimately includes TeamB

3. Forced Team Filtering Hides Public Resources

In main.py:4595 (gateways) and main.py:3192 (tools):

team_id = team_id or token_team_id

When no team_id filter is explicitly requested, the endpoint forces filtering by the first team from the token. This causes the service to take a branch that filters strictly by that team, excluding public resources from other teams.

Architectural Inconsistency

The codebase already has the correct implementation in several places:

Component	Status
token_scoping.py middleware	✅ Correctly uses ALL teams
_get_token_teams_from_request() helper	✅ Correctly extracts ALL teams
tool_service.list_tools()	✅ Accepts token_teams parameter
Endpoint layer in main.py	❌ Uses single request.state.team_id
gateway_service.list_gateways()	❌ Missing token_teams parameter

The endpoint-layer code creates a bottleneck before the service layer can properly handle multi-team access.

---

Related Issue: #2185

This issue is directly related to #2185 (Non-Admin user unable to list public gateways).

Both share the same root cause - forced single-team filtering. In #2185:

• Non-admin user lists gateways without a team filter
• main.py:4595 forces team_id = token_team_id (first team)
• Service filters by that team, excluding public gateways from other teams

---

Affected Code Paths

Location	Issue
auth.py:183,659,705	Only extracts first team from token
main.py:4585,4588-4592,4595	Gateway endpoint single-team validation
main.py:3179,3183-3187,3192	Tool endpoint single-team validation
main.py:2139,2231,2739,2858,3258,3666,3738,4125,4199	Same pattern in 9+ other endpoints
gateway_service.py:1336-1444	Missing token_teams parameter support

---

Suggested Fix Approach

1. Modify team validation to check if requested team_id is in the full list of user's teams (using _get_token_teams_from_request()), not just comparing against first team.

2. Remove forced team filtering (team_id = team_id or token_team_id) to allow unfiltered requests to return all accessible resources including public ones.

3. Add token_teams parameter to gateway_service.list_gateways() to match the pattern in tool_service.list_tools().

4. Consider storing all teams in request.state.team_ids (plural) instead of just first team in request.state.team_id.