Skip to content

Private key jwt scopes #1443

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
NSeydoux wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Private key jwt scopes #1443

NSeydoux wants to merge 8 commits into from
+120 −3

Conversation

@NSeydoux
Copy link

@NSeydoux NSeydoux commented Feb 2, 2026

This adds support for a scope parameter in the client credentials OAuth providers as described in #1430.

Motivation and Context

A client may now specify which scopes it requests to the Authorization Server.

How Has This Been Tested?

I have tested against an OAuth-compliant Authorization Server and an MCP Resource Server enforcing access control based on Access Token scopes.

Breaking Changes

No, the change is opt-in and the default behavior remains the same.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling (N/A)
  • I have added or updated documentation as needed

Additional context

These changes have been backported to v1.x in #1442.

@NSeydoux NSeydoux requested a review from a team as a code owner February 2, 2026 15:51
@changeset-bot
Copy link

changeset-bot bot commented Feb 2, 2026
edited
Loading

🦋 Changeset detected

Latest commit: 368ec94

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@modelcontextprotocol/client Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@pkg-pr-new
Copy link

pkg-pr-new bot commented Feb 2, 2026
edited
Loading

Open in StackBlitz

@modelcontextprotocol/client

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/client@1443

@modelcontextprotocol/server

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/server@1443

@modelcontextprotocol/express

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/express@1443

@modelcontextprotocol/hono

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/hono@1443

@modelcontextprotocol/node

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/node@1443

commit: 368ec94

@NSeydoux
Copy link
Author

NSeydoux commented Feb 2, 2026

@pcarleton in this branch, should I add the changeset then?

@pcarleton
Copy link
Member

pcarleton commented Feb 2, 2026

yep this one needs a changeset

NSeydoux
NSeydoux commented Feb 3, 2026
View reviewed changes
@NSeydoux
Copy link
Author

NSeydoux commented Feb 11, 2026

@pcarleton I think this is all set. Since this adds options to the API, I've made it a minor bump, let me know if that wasn't what was expected.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@NSeydoux @pcarleton