diff --git a/client/src/lib/auth.ts b/client/src/lib/auth.ts
index 79750112..87993610 100644
--- a/client/src/lib/auth.ts
+++ b/client/src/lib/auth.ts
@@ -153,15 +153,22 @@ export class InspectorOAuthClientProvider implements OAuthClientProvider {
 }
 get clientMetadata(): OAuthClientMetadata {
- return {
+ const metadata: OAuthClientMetadata = {
 redirect_uris: this.redirect_uris,
 token_endpoint_auth_method: "none",
 grant_types: ["authorization_code", "refresh_token"],
 response_types: ["code"],
 client_name: "MCP Inspector",
 client_uri: "https://github.com/modelcontextprotocol/inspector",
- scope: this.scope ?? "",
 };
+
+ // Only include scope if it's defined and non-empty
+ // Per OAuth spec, omit the scope field entirely if no scopes are requested
+ if (this.scope) {
+ metadata.scope = this.scope;
+ }
+
+ return metadata;
 }
 state(): string | Promise {
diff --git a/client/src/lib/hooks/useConnection.ts b/client/src/lib/hooks/useConnection.ts
index c26c1d66..60ac73ed 100644
--- a/client/src/lib/hooks/useConnection.ts
+++ b/client/src/lib/hooks/useConnection.ts
@@ -393,11 +393,22 @@ export function useConnection({
 saveScopeToSessionStorage(sseUrl, scope);
 const serverAuthProvider = new InspectorOAuthClientProvider(sseUrl);
- const result = await auth(serverAuthProvider, {
- serverUrl: sseUrl,
- scope,
- });
- return result === "AUTHORIZED";
+ try {
+ const result = await auth(serverAuthProvider, {
+ serverUrl: sseUrl,
+ scope,
+ });
+ return result === "AUTHORIZED";
+ } catch (authError) {
+ // Show user-friendly error message for OAuth failures
+ toast({
+ title: "OAuth Authentication Failed",
+ description:
+ authError instanceof Error ? authError.message : String(authError),
+ variant: "destructive",
+ });
+ return false;
+ }
 }
 return false;
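Review bot: The new comment in `clientMetadata` says the scope field is omitted "per OAuth spec" but leaves out the consequence for the registered client: under RFC 7591 §2, an authorization server may register a client with its own default set of scopes when `scope` is absent. That default can be broader than the caller intended, so the comment should say so, for example `// RFC 7591 §2: with scope omitted the server may register its default scopes`. Separately, `if (this.scope)` still forwards a whitespace-only value; `const scope = this.scope?.trim(); if (scope) metadata.scope = scope;` would treat it the same as empty.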
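Review bot: The new `catch (authError)` block turns every failure from `auth()` into a toast and `return false` without logging the error object, so the stack and any structured OAuth error fields are lost for later diagnosis. Adding `console.error("OAuth authentication failed:", authError);` before the `toast` call would keep them. The toast description is the raw `authError.message`, which presumably can carry text supplied by the remote authorization server (for example an `error_description`), so it is worth confirming the toast renders it as plain text and bounding its length. The enclosing handler starts and ends outside this hunk, so how callers interpret the `false` return cannot be checked from here.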