fix(web): correct MCP forward-identity header copy; guard toggle hydration (#37176)

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

api/core/tools/mcp_tool/tool.py

@@ -30,7 +30,7 @@ logger = logging.getLogger(__name__)
 # Custom header used to carry the forwarded SSO access token. Picked to avoid
 # stomping on the workspace-scoped Authorization header (provider OAuth /
 # user-supplied custom credentials), which would silently break those flows.
-FORWARDED_IDENTITY_HEADER = "X-Dify-SSO-Access-Token"
+FORWARDED_IDENTITY_HEADER = "X-Dify-SSO-Token"
 
 
 class MCPTool(Tool):
@@ -305,7 +305,7 @@ class MCPTool(Tool):
 
         # Forwarded identity rides in a custom header so workspace-scoped
         # provider credentials (Authorization / custom Headers) keep working
-        # untouched. The MCP server is expected to read X-Dify-SSO-Access-Token
+        # untouched. The MCP server is expected to read X-Dify-SSO-Token
         # when identity forwarding is configured.
         forward_identity_active = False
         if self._forwarding_requested and user_id:
@@ -338,7 +338,7 @@ class MCPTool(Tool):
         audience: str,
     ) -> None:
         """Call the enterprise IssueMCPToken endpoint and stamp the issued
-        token into X-Dify-SSO-Access-Token.
+        token into X-Dify-SSO-Token.
 
         A custom header is used (rather than Authorization) so it composes
         with workspace-scoped provider credentials — the user may have OAuth

api/services/enterprise/enterprise_service.py

@@ -141,7 +141,7 @@ class EnterpriseService:
         the calling Dify user, audience-scoped to the given MCP server identifier.
 
         Used by MCPTool.invoke_remote_mcp_tool to stamp the
-        X-Dify-SSO-Access-Token header on outbound MCP requests when the
+        X-Dify-SSO-Token header on outbound MCP requests when the
         provider's identity_mode is set to "idp_token".
 
         Returns:

api/tests/unit_tests/core/tools/test_mcp_tool.py

@@ -177,7 +177,7 @@ def _build_forwarding_tool(*, mode: str = "idp_token") -> MCPTool:
 
 
 def test_inject_forwarded_identity_stamps_custom_header():
-    """The minted SSO token must be placed in X-Dify-SSO-Access-Token; the
+    """The minted SSO token must be placed in X-Dify-SSO-Token; the
     workspace-scoped Authorization header and any other custom headers must
     pass through untouched so provider credentials keep working."""
     from core.tools.mcp_tool.tool import FORWARDED_IDENTITY_HEADER

web/app/components/tools/mcp/__tests__/modal.spec.tsx

@@ -864,5 +864,49 @@ describe('MCPModal', () => {
         )
       })
     })
+
+    // Regression: editing a provider saved with identity_mode="idp_token" must
+    // hydrate the toggle ON (issue: it showed off despite the persisted value).
+    it('hydrates the toggle ON when editing a provider with identity_mode="idp_token"', () => {
+      enableRefreshCapableSSO()
+      const mockData = {
+        id: 'existing-idp',
+        name: 'srv',
+        server_url: 'https://example.com/mcp',
+        server_identifier: 'srv-id',
+        icon: { content: '🔗', background: '#6366F1' },
+        identity_mode: 'idp_token',
+      } as unknown as ToolWithProvider
+
+      render(
+        <MCPModal {...defaultProps} data={mockData} />,
+        { wrapper: createWrapper() },
+      )
+
+      expect(
+        screen.getByRole('switch', { name: 'tools.mcp.modal.forwardUserIdentity' }),
+      ).toBeChecked()
+    })
+
+    it('hydrates the toggle OFF when editing a provider with identity_mode="off"', () => {
+      enableRefreshCapableSSO()
+      const mockData = {
+        id: 'existing-off',
+        name: 'srv',
+        server_url: 'https://example.com/mcp',
+        server_identifier: 'srv-id',
+        icon: { content: '🔗', background: '#6366F1' },
+        identity_mode: 'off',
+      } as unknown as ToolWithProvider
+
+      render(
+        <MCPModal {...defaultProps} data={mockData} />,
+        { wrapper: createWrapper() },
+      )
+
+      expect(
+        screen.getByRole('switch', { name: 'tools.mcp.modal.forwardUserIdentity' }),
+      ).not.toBeChecked()
+    })
   })
 })

web/i18n/ar-TN/tools.json

@@ -121,7 +121,7 @@
   "mcp.modal.confirm": "إضافة وتفويض",
   "mcp.modal.editTitle": "تعديل خادم MCP (HTTP)",
   "mcp.modal.forwardUserIdentity": "إعادة توجيه هوية المستخدم",
-  "mcp.modal.forwardUserIdentityTip": "أرسل هوية المستخدم المُتحقَّق منها عبر SSO إلى خادم MCP هذا كرمز Authorization Bearer. يتطلب Dify Enterprise SSO.",
+  "mcp.modal.forwardUserIdentityTip": "أرسل هوية المستخدم المُتحقَّق منها عبر SSO إلى خادم MCP هذا في ترويسة X-Dify-SSO-Token. يتطلب Dify Enterprise SSO.",
   "mcp.modal.headerKey": "اسم الرأس",
   "mcp.modal.headerKeyPlaceholder": "على سبيل المثال، Authorization",
   "mcp.modal.headerValue": "قيمة الرأس",

web/i18n/de-DE/tools.json

@@ -121,7 +121,7 @@
   "mcp.modal.confirm": "Hinzufügen & Autorisieren",
   "mcp.modal.editTitle": "MCP-Server bearbeiten (HTTP)",
   "mcp.modal.forwardUserIdentity": "Benutzeridentität weiterleiten",
-  "mcp.modal.forwardUserIdentityTip": "Sendet die verifizierte SSO-Identität des aufrufenden Benutzers als Authorization-Bearer-Token an diesen MCP-Server. Erfordert Dify Enterprise SSO.",
+  "mcp.modal.forwardUserIdentityTip": "Sendet die verifizierte SSO-Identität des aufrufenden Benutzers im X-Dify-SSO-Token-Header an diesen MCP-Server. Erfordert Dify Enterprise SSO.",
   "mcp.modal.headerKey": "Kopfzeilenname",
   "mcp.modal.headerKeyPlaceholder": "z.B., Autorisierung",
   "mcp.modal.headerValue": "Header-Wert",

web/i18n/en-US/tools.json

@@ -121,7 +121,7 @@
   "mcp.modal.confirm": "Add & Authorize",
   "mcp.modal.editTitle": "Edit MCP Server (HTTP)",
   "mcp.modal.forwardUserIdentity": "Forward user identity",
-  "mcp.modal.forwardUserIdentityTip": "Send the calling user's verified SSO identity to this MCP server as an Authorization Bearer token. Requires Dify Enterprise SSO.",
+  "mcp.modal.forwardUserIdentityTip": "Forward the calling user's verified SSO identity to this MCP server in the X-Dify-SSO-Token header. Requires Dify Enterprise SSO.",
   "mcp.modal.headerKey": "Header Name",
   "mcp.modal.headerKeyPlaceholder": "e.g., Authorization",
   "mcp.modal.headerValue": "Header Value",

web/i18n/es-ES/tools.json

@@ -121,7 +121,7 @@
   "mcp.modal.confirm": "Añadir y Autorizar",
   "mcp.modal.editTitle": "Editar servidor MCP (HTTP)",
   "mcp.modal.forwardUserIdentity": "Reenviar identidad del usuario",
-  "mcp.modal.forwardUserIdentityTip": "Envía la identidad SSO verificada del usuario que realiza la llamada a este servidor MCP como un token Authorization Bearer. Requiere Dify Enterprise SSO.",
+  "mcp.modal.forwardUserIdentityTip": "Envía la identidad SSO verificada del usuario que realiza la llamada a este servidor MCP en el encabezado X-Dify-SSO-Token. Requiere Dify Enterprise SSO.",
   "mcp.modal.headerKey": "Nombre del encabezado",
   "mcp.modal.headerKeyPlaceholder": "por ejemplo, Autorización",
   "mcp.modal.headerValue": "Valor del encabezado",

web/i18n/fa-IR/tools.json

@@ -121,7 +121,7 @@
   "mcp.modal.confirm": "افزودن و مجوزدهی",
   "mcp.modal.editTitle": "ویرایش سرور MCP (HTTP)",
   "mcp.modal.forwardUserIdentity": "ارسال هویت کاربر",
-  "mcp.modal.forwardUserIdentityTip": "هویت SSO تأییدشدهٔ کاربر فراخواننده را به‌عنوان توکن Authorization Bearer به این سرور MCP ارسال می‌کند. به Dify Enterprise SSO نیاز دارد.",
+  "mcp.modal.forwardUserIdentityTip": "هویت SSO تأییدشدهٔ کاربر فراخواننده را در هدر X-Dify-SSO-Token به این سرور MCP ارسال می‌کند. به Dify Enterprise SSO نیاز دارد.",
   "mcp.modal.headerKey": "نام هدر",
   "mcp.modal.headerKeyPlaceholder": "Authorization",
   "mcp.modal.headerValue": "مقدار هدر",

web/i18n/fr-FR/tools.json

@@ -121,7 +121,7 @@
   "mcp.modal.confirm": "Ajouter & Authoriser",
   "mcp.modal.editTitle": "Modifier le Serveur MCP (HTTP)",
   "mcp.modal.forwardUserIdentity": "Transférer l'identité de l'utilisateur",
-  "mcp.modal.forwardUserIdentityTip": "Envoie l'identité SSO vérifiée de l'utilisateur appelant à ce serveur MCP en tant que jeton Authorization Bearer. Nécessite Dify Enterprise SSO.",
+  "mcp.modal.forwardUserIdentityTip": "Envoie l'identité SSO vérifiée de l'utilisateur appelant à ce serveur MCP dans l'en-tête X-Dify-SSO-Token. Nécessite Dify Enterprise SSO.",
   "mcp.modal.headerKey": "Nom de l'en-tête",
   "mcp.modal.headerKeyPlaceholder": "par exemple, Autorisation",
   "mcp.modal.headerValue": "Valeur d'en-tête",

web/i18n/hi-IN/tools.json

@@ -121,7 +121,7 @@
   "mcp.modal.confirm": "जोड़ें और अधिकृत करें",
   "mcp.modal.editTitle": "MCP सर्वर संपादित करें (HTTP)",
   "mcp.modal.forwardUserIdentity": "उपयोगकर्ता पहचान अग्रेषित करें",
-  "mcp.modal.forwardUserIdentityTip": "कॉल करने वाले उपयोगकर्ता की सत्यापित SSO पहचान को इस MCP सर्वर पर Authorization Bearer टोकन के रूप में भेजें। Dify Enterprise SSO आवश्यक है।",
+  "mcp.modal.forwardUserIdentityTip": "कॉल करने वाले उपयोगकर्ता की सत्यापित SSO पहचान को इस MCP सर्वर पर X-Dify-SSO-Token हेडर में भेजें। Dify Enterprise SSO आवश्यक है।",
   "mcp.modal.headerKey": "हेडर नाम",
   "mcp.modal.headerKeyPlaceholder": "उदाहरण के लिए, प्राधिकरण",
   "mcp.modal.headerValue": "हेडर मान",

web/i18n/id-ID/tools.json

@@ -121,7 +121,7 @@
   "mcp.modal.confirm": "Tambahkan & Otorisasi",
   "mcp.modal.editTitle": "Edit Server MCP (HTTP)",
   "mcp.modal.forwardUserIdentity": "Teruskan identitas pengguna",
-  "mcp.modal.forwardUserIdentityTip": "Mengirim identitas SSO terverifikasi pengguna pemanggil ke server MCP ini sebagai token Authorization Bearer. Membutuhkan Dify Enterprise SSO.",
+  "mcp.modal.forwardUserIdentityTip": "Mengirim identitas SSO terverifikasi pengguna pemanggil ke server MCP ini di header X-Dify-SSO-Token. Membutuhkan Dify Enterprise SSO.",
   "mcp.modal.headerKey": "Nama Header",
   "mcp.modal.headerKeyPlaceholder": "Authorization",
   "mcp.modal.headerValue": "Nilai Header",

web/i18n/it-IT/tools.json

@@ -121,7 +121,7 @@
   "mcp.modal.confirm": "Aggiungi & Autorizza",
   "mcp.modal.editTitle": "Modifica Server MCP (HTTP)",
   "mcp.modal.forwardUserIdentity": "Inoltra identità utente",
-  "mcp.modal.forwardUserIdentityTip": "Invia l'identità SSO verificata dell'utente chiamante a questo server MCP come token Authorization Bearer. Richiede Dify Enterprise SSO.",
+  "mcp.modal.forwardUserIdentityTip": "Invia l'identità SSO verificata dell'utente chiamante a questo server MCP nell'intestazione X-Dify-SSO-Token. Richiede Dify Enterprise SSO.",
   "mcp.modal.headerKey": "Nome intestazione",
   "mcp.modal.headerKeyPlaceholder": "ad es., Autorizzazione",
   "mcp.modal.headerValue": "Valore dell'intestazione",

web/i18n/ja-JP/tools.json

@@ -121,7 +121,7 @@
   "mcp.modal.confirm": "追加して承認",
   "mcp.modal.editTitle": "MCP サーバー（HTTP）を編集",
   "mcp.modal.forwardUserIdentity": "ユーザー ID を転送",
-  "mcp.modal.forwardUserIdentityTip": "呼び出し元ユーザーの検証済み SSO ID を Authorization Bearer トークンとしてこの MCP サーバーに送信します。Dify Enterprise SSO が必要です。",
+  "mcp.modal.forwardUserIdentityTip": "呼び出し元ユーザーの検証済み SSO ID を X-Dify-SSO-Token ヘッダーでこの MCP サーバーに送信します。Dify Enterprise SSO が必要です。",
   "mcp.modal.headerKey": "ヘッダー名",
   "mcp.modal.headerKeyPlaceholder": "例えば、承認",
   "mcp.modal.headerValue": "ヘッダーの値",

web/i18n/ko-KR/tools.json

@@ -121,7 +121,7 @@
   "mcp.modal.confirm": "추가 및 승인",
   "mcp.modal.editTitle": "MCP 서버 수정 (HTTP)",
   "mcp.modal.forwardUserIdentity": "사용자 ID 전달",
-  "mcp.modal.forwardUserIdentityTip": "호출한 사용자의 검증된 SSO ID를 Authorization Bearer 토큰으로 이 MCP 서버에 전송합니다. Dify Enterprise SSO가 필요합니다.",
+  "mcp.modal.forwardUserIdentityTip": "호출한 사용자의 검증된 SSO ID를 X-Dify-SSO-Token 헤더로 이 MCP 서버에 전송합니다. Dify Enterprise SSO가 필요합니다.",
   "mcp.modal.headerKey": "헤더 이름",
   "mcp.modal.headerKeyPlaceholder": "예: 승인",
   "mcp.modal.headerValue": "헤더 값",

web/i18n/nl-NL/tools.json

@@ -121,7 +121,7 @@
   "mcp.modal.confirm": "Add & Authorize",
   "mcp.modal.editTitle": "Edit MCP Server (HTTP)",
   "mcp.modal.forwardUserIdentity": "Gebruikersidentiteit doorsturen",
-  "mcp.modal.forwardUserIdentityTip": "Stuur de geverifieerde SSO-identiteit van de aanroepende gebruiker als een Authorization Bearer-token naar deze MCP-server. Vereist Dify Enterprise SSO.",
+  "mcp.modal.forwardUserIdentityTip": "Stuur de geverifieerde SSO-identiteit van de aanroepende gebruiker in de X-Dify-SSO-Token-header naar deze MCP-server. Vereist Dify Enterprise SSO.",
   "mcp.modal.headerKey": "Header Name",
   "mcp.modal.headerKeyPlaceholder": "e.g., Authorization",
   "mcp.modal.headerValue": "Header Value",

web/i18n/pl-PL/tools.json

@@ -121,7 +121,7 @@
   "mcp.modal.confirm": "Dodaj i autoryzuj",
   "mcp.modal.editTitle": "Edytuj serwer MCP (HTTP)",
   "mcp.modal.forwardUserIdentity": "Przekaż tożsamość użytkownika",
-  "mcp.modal.forwardUserIdentityTip": "Wysyła zweryfikowaną tożsamość SSO wywołującego użytkownika do tego serwera MCP jako token Authorization Bearer. Wymaga Dify Enterprise SSO.",
+  "mcp.modal.forwardUserIdentityTip": "Wysyła zweryfikowaną tożsamość SSO wywołującego użytkownika do tego serwera MCP w nagłówku X-Dify-SSO-Token. Wymaga Dify Enterprise SSO.",
   "mcp.modal.headerKey": "Nazwa nagłówka",
   "mcp.modal.headerKeyPlaceholder": "np. Autoryzacja",
   "mcp.modal.headerValue": "Wartość nagłówka",

web/i18n/pt-BR/tools.json

@@ -121,7 +121,7 @@
   "mcp.modal.confirm": "Adicionar e Autorizar",
   "mcp.modal.editTitle": "Editar Servidor MCP (HTTP)",
   "mcp.modal.forwardUserIdentity": "Encaminhar identidade do usuário",
-  "mcp.modal.forwardUserIdentityTip": "Envia a identidade SSO verificada do usuário chamador para este servidor MCP como um token Authorization Bearer. Requer Dify Enterprise SSO.",
+  "mcp.modal.forwardUserIdentityTip": "Envia a identidade SSO verificada do usuário chamador para este servidor MCP no cabeçalho X-Dify-SSO-Token. Requer Dify Enterprise SSO.",
   "mcp.modal.headerKey": "Nome do Cabeçalho",
   "mcp.modal.headerKeyPlaceholder": "por exemplo, Autorização",
   "mcp.modal.headerValue": "Valor do Cabeçalho",

web/i18n/ro-RO/tools.json

@@ -121,7 +121,7 @@
   "mcp.modal.confirm": "Adăugare și Autorizare",
   "mcp.modal.editTitle": "Editare Server MCP (HTTP)",
   "mcp.modal.forwardUserIdentity": "Redirecționează identitatea utilizatorului",
-  "mcp.modal.forwardUserIdentityTip": "Trimite identitatea SSO verificată a utilizatorului apelant către acest server MCP ca un token Authorization Bearer. Necesită Dify Enterprise SSO.",
+  "mcp.modal.forwardUserIdentityTip": "Trimite identitatea SSO verificată a utilizatorului apelant către acest server MCP în antetul X-Dify-SSO-Token. Necesită Dify Enterprise SSO.",
   "mcp.modal.headerKey": "Numele antetului",
   "mcp.modal.headerKeyPlaceholder": "de exemplu, Autorizație",
   "mcp.modal.headerValue": "Valoare Antet",

web/i18n/ru-RU/tools.json

@@ -121,7 +121,7 @@
   "mcp.modal.confirm": "Добавить и авторизовать",
   "mcp.modal.editTitle": "Редактировать MCP сервер (HTTP)",
   "mcp.modal.forwardUserIdentity": "Передавать идентификацию пользователя",
-  "mcp.modal.forwardUserIdentityTip": "Отправляет подтверждённую SSO-идентификацию вызывающего пользователя на этот MCP сервер в качестве токена Authorization Bearer. Требуется Dify Enterprise SSO.",
+  "mcp.modal.forwardUserIdentityTip": "Отправляет подтверждённую SSO-идентификацию вызывающего пользователя на этот MCP сервер в заголовке X-Dify-SSO-Token. Требуется Dify Enterprise SSO.",
   "mcp.modal.headerKey": "Название заголовка",
   "mcp.modal.headerKeyPlaceholder": "например, Авторизация",
   "mcp.modal.headerValue": "Значение заголовка",

web/i18n/sl-SI/tools.json

@@ -121,7 +121,7 @@
   "mcp.modal.confirm": "Dodaj in avtoriziraj",
   "mcp.modal.editTitle": "Uredi strežnik MCP (HTTP)",
   "mcp.modal.forwardUserIdentity": "Posreduj identiteto uporabnika",
-  "mcp.modal.forwardUserIdentityTip": "Pošlje preverjeno SSO identiteto klicajočega uporabnika temu strežniku MCP kot žeton Authorization Bearer. Zahteva Dify Enterprise SSO.",
+  "mcp.modal.forwardUserIdentityTip": "Pošlje preverjeno SSO identiteto klicajočega uporabnika temu strežniku MCP v glavi X-Dify-SSO-Token. Zahteva Dify Enterprise SSO.",
   "mcp.modal.headerKey": "Ime glave",
   "mcp.modal.headerKeyPlaceholder": "npr., Authorization",
   "mcp.modal.headerValue": "Vrednost glave",

web/i18n/th-TH/tools.json

@@ -121,7 +121,7 @@
   "mcp.modal.confirm": "เพิ่มและอนุญาต",
   "mcp.modal.editTitle": "แก้ไขเซิร์ฟเวอร์ MCP (HTTP)",
   "mcp.modal.forwardUserIdentity": "ส่งต่อข้อมูลตัวตนของผู้ใช้",
-  "mcp.modal.forwardUserIdentityTip": "ส่งข้อมูลตัวตน SSO ที่ผ่านการตรวจสอบของผู้ใช้ที่เรียกใช้ไปยังเซิร์ฟเวอร์ MCP นี้เป็น Authorization Bearer token ต้องใช้ Dify Enterprise SSO",
+  "mcp.modal.forwardUserIdentityTip": "ส่งข้อมูลตัวตน SSO ที่ผ่านการตรวจสอบของผู้ใช้ที่เรียกใช้ไปยังเซิร์ฟเวอร์ MCP นี้ในส่วนหัว X-Dify-SSO-Token ต้องใช้ Dify Enterprise SSO",
   "mcp.modal.headerKey": "ชื่อหัวเรื่อง",
   "mcp.modal.headerKeyPlaceholder": "เช่น การอนุญาต",
   "mcp.modal.headerValue": "ค่าหัวข้อ",

web/i18n/tr-TR/tools.json

@@ -121,7 +121,7 @@
   "mcp.modal.confirm": "Ekle ve Yetkilendir",
   "mcp.modal.editTitle": "MCP Sunucusunu Düzenle (HTTP)",
   "mcp.modal.forwardUserIdentity": "Kullanıcı kimliğini ilet",
-  "mcp.modal.forwardUserIdentityTip": "Çağıran kullanıcının doğrulanmış SSO kimliğini bu MCP sunucusuna Authorization Bearer token olarak gönderir. Dify Enterprise SSO gerektirir.",
+  "mcp.modal.forwardUserIdentityTip": "Çağıran kullanıcının doğrulanmış SSO kimliğini bu MCP sunucusuna X-Dify-SSO-Token başlığında gönderir. Dify Enterprise SSO gerektirir.",
   "mcp.modal.headerKey": "Başlık Adı",
   "mcp.modal.headerKeyPlaceholder": "örneğin, Yetkilendirme",
   "mcp.modal.headerValue": "Başlık Değeri",

web/i18n/uk-UA/tools.json

@@ -121,7 +121,7 @@
   "mcp.modal.confirm": "Додати та Авторизувати",
   "mcp.modal.editTitle": "Редагувати сервер MCP (HTTP)",
   "mcp.modal.forwardUserIdentity": "Передавати ідентичність користувача",
-  "mcp.modal.forwardUserIdentityTip": "Надсилає підтверджену SSO ідентичність користувача, що викликає, на цей сервер MCP як токен Authorization Bearer. Потребує Dify Enterprise SSO.",
+  "mcp.modal.forwardUserIdentityTip": "Надсилає підтверджену SSO ідентичність користувача, що викликає, на цей сервер MCP у заголовку X-Dify-SSO-Token. Потребує Dify Enterprise SSO.",
   "mcp.modal.headerKey": "Назва заголовка",
   "mcp.modal.headerKeyPlaceholder": "наприклад, Авторизація",
   "mcp.modal.headerValue": "Значення заголовка",

web/i18n/vi-VN/tools.json

@@ -121,7 +121,7 @@
   "mcp.modal.confirm": "Thêm & Ủy quyền",
   "mcp.modal.editTitle": "Sửa Máy chủ MCP (HTTP)",
   "mcp.modal.forwardUserIdentity": "Chuyển tiếp danh tính người dùng",
-  "mcp.modal.forwardUserIdentityTip": "Gửi danh tính SSO đã xác minh của người dùng gọi đến máy chủ MCP này dưới dạng token Authorization Bearer. Yêu cầu Dify Enterprise SSO.",
+  "mcp.modal.forwardUserIdentityTip": "Gửi danh tính SSO đã xác minh của người dùng gọi đến máy chủ MCP này trong header X-Dify-SSO-Token. Yêu cầu Dify Enterprise SSO.",
   "mcp.modal.headerKey": "Tên tiêu đề",
   "mcp.modal.headerKeyPlaceholder": "ví dụ, Ủy quyền",
   "mcp.modal.headerValue": "Giá trị tiêu đề",

web/i18n/zh-Hans/tools.json

@@ -121,7 +121,7 @@
   "mcp.modal.confirm": "添加并授权",
   "mcp.modal.editTitle": "修改 MCP 服务 (HTTP)",
   "mcp.modal.forwardUserIdentity": "转发用户身份",
-  "mcp.modal.forwardUserIdentityTip": "将调用用户的已验证 SSO 身份作为 Authorization Bearer token 转发到该 MCP 服务器。需要 Dify Enterprise SSO。",
+  "mcp.modal.forwardUserIdentityTip": "将调用用户的已验证 SSO 身份通过 X-Dify-SSO-Token 请求头转发到该 MCP 服务器。需要 Dify Enterprise SSO。",
   "mcp.modal.headerKey": "请求头名称",
   "mcp.modal.headerKeyPlaceholder": "例如：Authorization",
   "mcp.modal.headerValue": "请求头值",

web/i18n/zh-Hant/tools.json

@@ -121,7 +121,7 @@
   "mcp.modal.confirm": "新增並授權",
   "mcp.modal.editTitle": "編輯 MCP 伺服器 (HTTP)",
   "mcp.modal.forwardUserIdentity": "轉發使用者身份",
-  "mcp.modal.forwardUserIdentityTip": "將呼叫使用者已驗證的 SSO 身份作為 Authorization Bearer token 轉發至此 MCP 伺服器。需要 Dify Enterprise SSO。",
+  "mcp.modal.forwardUserIdentityTip": "將呼叫使用者已驗證的 SSO 身份透過 X-Dify-SSO-Token 請求標頭轉發至此 MCP 伺服器。需要 Dify Enterprise SSO。",
   "mcp.modal.headerKey": "標題名稱",
   "mcp.modal.headerKeyPlaceholder": "例如，授權",
   "mcp.modal.headerValue": "標題值",