Skip to content

feat: add scope option to ClientCredentialsProvider, PrivateKeyJwtProvider, and StaticPrivateKeyJwtProvider#1670

Open
Vadaski wants to merge 2 commits intomodelcontextprotocol:mainfrom
Vadaski:fix/1430-scope-for-jwt-providers
Open

feat: add scope option to ClientCredentialsProvider, PrivateKeyJwtProvider, and StaticPrivateKeyJwtProvider#1670
Vadaski wants to merge 2 commits intomodelcontextprotocol:mainfrom
Vadaski:fix/1430-scope-for-jwt-providers

Conversation

@Vadaski
Copy link

@Vadaski Vadaski commented Mar 12, 2026

Closes #1430. Adds optional scope field to machine-to-machine OAuth provider options. When provided, sets clientMetadata.scope so fetchToken forwards it to prepareTokenRequest. Fully backwards compatible. Added 3 new tests.

@Vadaski @claude
feat: add scope option to ClientCredentialsProvider, PrivateKeyJwtPro…
3597ff7 
…vider, and StaticPrivateKeyJwtProvider (modelcontextprotocol#1430)

Addresses issue modelcontextprotocol#1430: machine-to-machine OAuth providers had no way
to configure the OAuth scope for their token requests.

Changes:
- Added optional `scope?: string` field to `ClientCredentialsProviderOptions`,
  `PrivateKeyJwtProviderOptions`, and `StaticPrivateKeyJwtProviderOptions`
- When `scope` is provided, sets `clientMetadata.scope` in the constructor so
  that `fetchToken()` forwards it to `prepareTokenRequest()` and the scope
  is included in the token request body
- No behaviour change when `scope` is omitted (fully backwards compatible)

Tests: added 3 new tests (one per provider) in authExtensions.test.ts
verifying that the configured scope reaches the token endpoint.

Closes modelcontextprotocol#1430

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@Vadaski Vadaski requested a review from a team as a code owner March 12, 2026 07:29
@changeset-bot
Copy link

changeset-bot bot commented Mar 12, 2026
edited
Loading

⚠️ No Changeset found

Latest commit: 6d96cf2

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@pkg-pr-new
Copy link

pkg-pr-new bot commented Mar 12, 2026
edited
Loading

Open in StackBlitz

@modelcontextprotocol/client

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/client@1670

@modelcontextprotocol/server

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/server@1670

@modelcontextprotocol/express

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/express@1670

@modelcontextprotocol/hono

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/hono@1670

@modelcontextprotocol/node

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/node@1670

commit: 0baefe6

@Vadaski @claude
fix: use !== undefined guard for scope option in auth providers (mode…
6d96cf2 
…lcontextprotocol#1430)

if (options.scope) silently ignored scope: "" — fix to !== undefined
so an empty string scope is handled correctly.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support providing client scopes to StaticPrivateKeyJwtProvider (also applicable to PrivateKeyJwtProvider)

1 participant

@Vadaski