Description
Is your feature request related to a problem? Please describe.
I am working on an MCP server managing tools permission based on Access Token scopes, and building an associated MCP client to test it. However, as far as I can tell, it is not possible to specify the scope used by a client in the case of the Client Credential flows with a private-key-jwt assertion. The client sends a Token Request to the Authorization Server that contains no scope claim, which is valid as far as OAuth goes but prevents having a fine-grained approach based on client input.
Describe the solution you'd like
The StaticPrivateKeyJwtProvider builder (respectively PrivateKeyJwtProvider) could accept a new scope parameter, use it to set the internal client metadata, and subsequently include this metadata in the token request.
Describe alternatives you've considered
N/A
Additional context
The client metadata is already used to set the scopes in the fetchToken function, and the StaticPrivateKeyJwtProvider appropriately implements prepareTokenRequest to add scopes to the token request, so there are no changes required in the core logic; the change I'm suggesting is essentially limited to StaticPrivateKeyJwtProvider internals. I think it is out of scope for the client library to check that the scopes provided there align with the supported scopes declared in the Client Metadata document; the Authorization Server will return an appropriate error in case of misalignment.
If I am not missing anything, and there are no specific reasons why this should not be implemented, I'm happy to open a PR with the suggested change.