MCP server OIDC auth fails with Entra ID v2 (AADSTS9010010)

[zisk]

Describe the bug
Configuring the MCP server with Microsoft Entra ID (Azure AD) as the OIDC provider fails during the OAuth authorization step with:

AADSTS9010010: The resource parameter provided in the request doesn't match with the requested scopes.

To reproduce

1. Configure Tracecat with OIDC_ISSUER=https://login.microsoftonline.com/{tenant}/v2.0
2. Start the MCP server
3. Initiate OAuth from an MCP client
4. Authorization redirect to Entra fails with AADSTS9010010

Screenshots

Environment (please complete the following information):

• Tracecat 1.0.0-beta.36
• OS Debian 12
• Where did you deploy Tracecat? VM/Docker
• CPU architecture
• Browser type (e.g. Chrome, Safari, Edge, etc.) and version
• Docker / Podman version Docker version 28.3.2, build 578ccf6
• Docker Compose / Podman Compose version

Additional context

I did some poking around with Claude to figure out where the issue originates and I believe its related to fastmcp passing the resource parameter from the client.

The Azure issue and fix is detailed here: PrefectHQ/fastmcp#1846

A more generic fix looks like it was added recently but likely isn't in the version of fastmcp currently in use: PrefectHQ/fastmcp#3711

[topher-lo]

Thanks for opening this @zisk we're actually dropping 3rd party OIDC for MCP support entirely. Tracecat beta.38 onwards will roll with an internal OIDC server in the API: #2457

Centralizes auth to the main auth.

[zisk]

Sounds good! I'll find a workaround or wait for that to drop to continue testing.

[authora-aria]

This usually means the auth request is mixing v1-style resource= with v2-style scope=. Entra ID v2 rejects that combo with AADSTS9010010; for /oauth2/v2.0/authorize you should send only scope=openid profile email offline_access <api-scope> and no resource param at all. If Tracecat is constructing the authorize URL with both, the fix is to branch on the issuer/discovery metadata and omit resource for v2 providers.

Concretely, check wherever the MCP server builds the upstream authorization request from the OIDC config/env vars: if you’re deriving a resource from audience/client settings, that needs to be disabled for Entra v2. The API permission also needs to be exposed as a scope like api://<app-id>/access_as_user (or /.default for token flows that support it), not passed as resource=<app-id-uri>. If you dump the final authorize URL in debug logs, you’ll probably see both params present.