Fix connect button behavior for Oauth by making sure that scope is included in client metadata when client is registered.

cliffhall · cliffhall · commit 5323d4d8f4ae · 2025-08-15T18:40:21.000-04:00
- In auth.ts
    - in InspectorOAuthClientProvider constructor
      - add optional scope param
      - set instance var this.scope to scope param
    - in clientMetadata getter
      - add scope param set to this.scope or ""
  - in useConnection.ts
    - in handleAuthError handler
      - move instantiation of serverAuthProvider until after scope has been determined
      - pass scope to InspectorOAuthClientProvider constructor
diff --git a/client/src/lib/auth.ts b/client/src/lib/auth.ts
@@ -102,10 +102,15 @@ export const clearClientInformationFromSessionStorage = ({
 };
 
 export class InspectorOAuthClientProvider implements OAuthClientProvider {
-  constructor(protected serverUrl: string) {
+  constructor(
+    protected serverUrl: string,
+    scope?: string,
+  ) {
+    this.scope = scope;
     // Save the server URL to session storage
     sessionStorage.setItem(SESSION_KEYS.SERVER_URL, serverUrl);
   }
+  scope: string | undefined;
 
   get redirectUrl() {
     return window.location.origin + "/oauth/callback";
@@ -119,6 +124,7 @@ export class InspectorOAuthClientProvider implements OAuthClientProvider {
       response_types: ["code"],
       client_name: "MCP Inspector",
       client_uri: "https://github.com/modelcontextprotocol/inspector",
+      scope: this.scope ?? "",
     };
   }
 
diff --git a/client/src/lib/hooks/useConnection.ts b/client/src/lib/hooks/useConnection.ts
@@ -319,8 +319,6 @@ export function useConnection({
 
   const handleAuthError = async (error: unknown) => {
     if (is401Error(error)) {
-      const serverAuthProvider = new InspectorOAuthClientProvider(sseUrl);
-
       let scope = oauthScope?.trim();
       if (!scope) {
         // Only discover resource metadata when we need to discover scopes
@@ -334,6 +332,7 @@ export function useConnection({
         }
         scope = await discoverScopes(sseUrl, resourceMetadata);
       }
+      const serverAuthProvider = new InspectorOAuthClientProvider(sseUrl, scope);
 
       const result = await auth(serverAuthProvider, {
         serverUrl: sseUrl,

Original file line number	Diff line number	Diff line change
`@@ -319,8 +319,6 @@ export function useConnection({`
`319`	`319`
`320`	`320`	`const handleAuthError = async (error: unknown) => {`
`321`	`321`	`if (is401Error(error)) {`
`322`		`- const serverAuthProvider = new InspectorOAuthClientProvider(sseUrl);`
`323`		`-`
`324`	`322`	`let scope = oauthScope?.trim();`
`325`	`323`	`if (!scope) {`
`326`	`324`	`// Only discover resource metadata when we need to discover scopes`
`@@ -334,6 +332,7 @@ export function useConnection({`
`334`	`332`	`}`
`335`	`333`	`scope = await discoverScopes(sseUrl, resourceMetadata);`
`336`	`334`	`}`
	`335`	`+ const serverAuthProvider = new InspectorOAuthClientProvider(sseUrl, scope);`
`337`	`336`
`338`	`337`	`const result = await auth(serverAuthProvider, {`
`339`	`338`	`serverUrl: sseUrl,`