functionality

Author: dogacancolak

.gitignore

@@ -88,7 +88,7 @@ ipython_config.py
 # pyenv
 #   For a library or package, you might want to ignore these files since the code is
 #   intended to run in multiple environments; otherwise, check them in:
-# .python-version
+.python-version
 
 # pipenv
 #   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.

src/mcp/client/auth.py

@@ -478,9 +478,16 @@ async def _handle_oauth_metadata_response(self, response: httpx.Response) -> Non
         content = await response.aread()
         metadata = OAuthMetadata.model_validate_json(content)
         self.context.oauth_metadata = metadata
-        # Apply default scope if needed
-        if self.context.client_metadata.scope is None and metadata.scopes_supported is not None:
-            self.context.client_metadata.scope = " ".join(metadata.scopes_supported)
+        
+        # Only set scope if client_metadata.scope is None
+        if self.context.client_metadata.scope is None:
+            # Priority 1: Use PRM's scopes_supported if available
+            if (self.context.protected_resource_metadata is not None and 
+                self.context.protected_resource_metadata.scopes_supported is not None):
+                self.context.client_metadata.scope = " ".join(self.context.protected_resource_metadata.scopes_supported)
+            # Priority 2: Fall back to OAuth metadata scopes if available
+            elif metadata.scopes_supported is not None:
+                self.context.client_metadata.scope = " ".join(metadata.scopes_supported)
 
     async def async_auth_flow(self, request: httpx.Request) -> AsyncGenerator[httpx.Request, httpx.Response]:
         """HTTPX auth flow integration."""