>>> [!note] Migrated issue <!-- Drupal.org comment --> <!-- Migrated from issue #3584901. --> Reported by: [aalin](https://www.drupal.org/user/2941961) >>> <h3 id="summary-problem-motivation">Problem/Motivation</h3> <p>There are actually 2 issues here:<br> 1. Inside /admin/config/mcp , when you click on "Enable Token Auth" checkbox nothing happens. This is because #states selector on token_with_generation is not correctly set:</p> <pre> 'visible' =&gt; [<br>&nbsp;&nbsp; ':input[name="enable_token_auth"]' =&gt; ['checked' =&gt; TRUE],<br>],</pre><p> instead of </p> <pre>'visible' =&gt; [<br>&nbsp; ':input[name="auth_settings[enable_token_auth]"]' =&gt; ['checked' =&gt; TRUE],<br>],</pre><p>2. Even when configured manually via config export/import, the auth still doesn't work because authenticate() rejects Bearer tokens &mdash; only Basic scheme is accepted:</p> <pre>if (empty($authHeader) || stripos($authHeader, 'Basic ') !== 0) {<br>&nbsp;&nbsp;&nbsp; throw new McpAuthException("Missing or invalid Authorization header.");<br>}</pre><h4 id="summary-steps-reproduce">Steps to reproduce</h4> <p>1. Navigate to the MCP settings form.<br> 2. Enable Auth &rarr; observe that the Authentication Settings fieldset appears (this works fine).<br> 3. Check Enable Token Auth &rarr; observe that the Secret key and Token User fields never appear (Bug 1).<br> 4. Manually set enable_token_auth: true, token_key: <key-id>, and token_user: <uid> in mcp.settings config directly.<br> 5. Send a request with Authorization: Bearer <token> &rarr; receive 401 (Bug 2).</token></uid></key-id></p>