8000 Handle '&scope=' in authorize request to return empty list by dwreeves · Pull Request #979 · modelcontextprotocol/python-sdk · GitHub
[go: up one dir, main page]
Skip to content
Dismiss alert

Handle '&scope=' in authorize request to return empty list #979

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Handle '&scope=' in authorize request to return empty list #979

wants to merge 1 commit into from
+13 −0

Conversation

dwreeves
Copy link
@dwreeves dwreeves commented Jun 18, 2025
edited
Loading

Resolves #977

Motivation and Context

I am attempting to authorize to the ChatGPT web client using Okta OAuth. I got it working, but with significant rewrites and patching to the internals of the MCP Python SDK.

I'm not comfortable proposing support for everything I needed to do as many of those are client side issues with OpenAI's implementation, including lack of PKCE support. However, one of the things that tripped me up seems to be a minor issue on the MCP Python SDK's side, which is that the ChatGPT client was requesting &scope=. I'm not 100% sure what's going on as I give the client a default scope when it registers that it in turn is not requesting.

In any case, if None is a valid value for the scopes, then it seems that [] should also be, and furthermore that &scope= in the query params should correspond to either None or []. However, right now the MCP SDK only sets the scopes to None if the query parameter is not defined at all, whereas the ChatGPT web client sends &scope=, which parses as "", which in turn fails validation unless "" is defined as a valid scope in the ClientRegistrationOptions.

How Has This Been Tested?

I have a patched version of this running and connecting to ChatGPT's web client.

Breaking Changes

Should be no breaking changes.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines (pre-commit run -a)
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed (n/a)

Additional context

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Empty but defined scope query param ("&scope=") validates as [""] and not [] during authorization.
1 participant
@dwreeves
0