Description
Is your feature request related to a problem? Please describe.
#166 allows to pass AuthInfo to the tool execution, but the patch was only applied to sse and not to streamableHTTP so it only works for version 2024-11-05.
In general it would be nicer to let dev whitelist headers that can be passed to the tools execution code because most of the time oauth is not performed by the MCP server itself.
Describe the solution you'd like
At minimum make streamableHTTP consistent, ideally make it more granular so devs can decide what headers should be passed. For example in Kubernetes it is pretty frequent that the ingress (or an api gateway) performs the authentication and when the server receives the call it is already authenticated, the auth gateway might have added headers such as the username, ... which can be useful for the tool execution code.
One option would be to define a req property let's say toolsExtra that can be populated by an upstream middleware.