Handle '&scope=' in authorize request to return empty list

[dwreeves]

Resolves #977

Motivation and Context

I am attempting to authorize to the ChatGPT web client using Okta OAuth. I got it working, but with significant rewrites and patching to the internals of the MCP Python SDK.

I'm not comfortable proposing support for everything I needed to do as many of those are client side issues with OpenAI's implementation, including lack of PKCE support. However, one of the things that tripped me up seems to be a minor issue on the MCP Python SDK's side, which is that the server was requesting &scope=. I'm not 100% sure what's going on as I give the client a default scope when it registers that it in turn is not requesting.

In any case, if None is a valid value for the scopes, then it seems that [] should also be, and furthermore that &scope= in the query params should correspond to either None or []. However, right now the MCP SDK only sets the scopes to None if the query parameter is not defined at all, whereas the ChatGPT web client sends &scope=, which parses as "", which in turn fails validation unless "" is defined as a valid scope in the ClientRegistrationOptions.

How Has This Been Tested?

I have a patched version of this running and connecting to ChatGPT's web client.

Breaking Changes

Should be no breaking changes.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation update

Checklist

• I have read the MCP Documentation
• My code follows the repository's style guidelines (pre-commit run -a)
• New and existing tests pass locally
• I have added appropriate error handling
• I have added or updated documentation as needed (n/a)

Additional context

[dwreeves]

Sorry, commit email is my work email; resubmitting with personal.