Is your feature request related to a problem? Please describe.
I want to use a specific scope for the mcp connection, that access tokens can only authenticate to a mcp server if they for example have the mcp scope. Right now this is not possible because no scope is passed to the authorize url which means only the default scopes are used.
Describe the solution you'd like
It would be great if the field scopes_supported from /.well-known/oauth-protected-resource is used when available and all scopes in that list are passed to the authorize url.
Is your feature request related to a problem? Please describe.
I want to use a specific scope for the mcp connection, that access tokens can only authenticate to a mcp server if they for example have the
mcpscope. Right now this is not possible because no scope is passed to the authorize url which means only the default scopes are used.Describe the solution you'd like
It would be great if the field
scopes_supportedfrom/.well-known/oauth-protected-resourceis used when available and all scopes in that list are passed to the authorize url.