Empty but defined scope query param ("&scope=") validates as [""] and not [] during authorization. · Issue #977 · modelcontextprotocol/python-sdk · GitHub
Open
@dwreeves

Description


Hello, we're trying to get an MCP server working with auth in ChatGPT, and I believe I encountered a small bug. OpenAI sends an auth request with `&scope=`. This seems to imply that it is requesting no scopes.

However, in `mcp/shared/auth.py`, the code fails with the error message `Client+was+not+registered+with+scope+` because `requested_scope.split(" ")` parses as `[""]`, and so it checks that `""` is an allowed scope.

The code causing the error is as follows:

    def validate_scope(self, requested_scope: str | None) -> list[str] | None:
        if requested_scope is None:
            return None
        requested_scopes = requested_scope.split(" ")
        allowed_scopes = [] if self.scope is None else self.scope.split(" ")
        for scope in requested_scopes:
            if scope not in allowed_scopes:
                raise InvalidScopeError(f"Client was not registered with scope {scope}")
        return requested_scopes

It seems that the code should probably be changed to look something like this:

    def validate_scope(self, requested_scope: str | None) -> list[str] | None:
        if requested_scope is None:
            return None
        if requested_scope == "":
            return []
        requested_scopes = requested_scope.split(" ")
        allowed_scopes = [] if self.scope is None else self.scope.split(" ")
        for scope in requested_scopes:
            if scope not in allowed_scopes:
                raise InvalidScopeError(f"Client was not registered with scope {scope}")
        return requested_scopes


Python & MCP Python SDK

Python version 3.12.7

`mcp==1.9.4`
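The behaviour reported above, reproduced as an added example that is not part of the original issue or the SDK's code. `ClientStub`, `validate_scope_reported`, `validate_scope_tolerant`, `scope_from_query` and `rejects` are hypothetical names, and the token-filtering variant is an assumption that goes slightly beyond the proposed `== ""` check by also tolerating stray spaces, while still rejecting any scope the client was not registered with.

```python
from __future__ import annotations
from urllib.parse import parse_qs


class InvalidScopeError(Exception):
    """Stand-in for the SDK exception of the same name (constructed here)."""


class ClientStub:
    """Hypothetical stand-in for the client metadata; only `scope` is modelled."""
    def __init__(self, scope: str | None):
        self.scope = scope  # space-delimited registered scopes, or None

    def validate_scope_reported(self, requested_scope: str | None) -> list[str] | None:
        # Behaviour quoted in the issue: "" splits to [""], which is never allowed.
        if requested_scope is None:
            return None
        requested_scopes = requested_scope.split(" ")
        allowed_scopes = [] if self.scope is None else self.scope.split(" ")
        for scope in requested_scopes:
            if scope not in allowed_scopes:
                raise InvalidScopeError(f"Client was not registered with scope {scope}")
        return requested_scopes

    def validate_scope_tolerant(self, requested_scope: str | None) -> list[str] | None:
        # Assumed variant: drop empty tokens so "", " " and "a  b" parse cleanly.
        if requested_scope is None:
            return None
        requested_scopes = [s for s in requested_scope.split(" ") if s]
        allowed_scopes = [] if self.scope is None else [s for s in self.scope.split(" ") if s]
        for scope in requested_scopes:
            if scope not in allowed_scopes:
                raise InvalidScopeError(f"Client was not registered with scope {scope}")
        return requested_scopes  # [] means "no scopes", never "all scopes"


def scope_from_query(query: str) -> str | None:
    # keep_blank_values=True preserves "scope=" as "" instead of dropping the key.
    values = parse_qs(query, keep_blank_values=True).get("scope")
    return None if values is None else values[0]


def rejects(fn, value) -> bool:
    # True when the validator raises InvalidScopeError for this input.
    try:
        fn(value)
    except InvalidScopeError:
        return True
    return False
```
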
