comment

dogacancolak · dogacancolak · commit 643ae862c6da · 2025-10-07T10:37:08.000-04:00
diff --git a/src/mcp/client/auth.py b/src/mcp/client/auth.py
@@ -268,8 +268,7 @@ async def _handle_protected_resource_response(self, response: httpx.Response) ->
                 if metadata.authorization_servers:
                     self.context.auth_server_url = str(metadata.authorization_servers[0])
 
-                # Only set scope if client_metadata.scope is None
-                # Per MCP spec, priority order:
+                # Per MCP spec, scope selection priority order:
                 # 1. Keep client scope if configured
                 # 2. Use scope from WWW-Authenticate header (if provided)
                 # 3. Use all scopes from PRM scopes_supported (if available)
