Skip to content

Commit 772bb09

Browse files
SamMorrowDrumsSamMorrowDrums
committed
docs: Fix MCP spec link and clarify PAT filtering scope
- Use November 2025 spec link with correct anchor - Clarify PAT filtering works on both local and remote server
1 parent b94ada5 commit 772bb09

File tree

1 file changed

+3
-3
lines changed

1 file changed

+3
-3
lines changed

docs/changelog/2026-01-intelligent-scope-features.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ GitHub MCP Server now provides intelligent handling of OAuth scopes across all a
1313

1414
### OAuth Scope Challenges (Remote Server)
1515

16-
When using the remote MCP server with OAuth authentication (like VS Code's GitHub Copilot Chat), the server now implements the [MCP step-up authentication specification](https://spec.modelcontextprotocol.io/). Instead of failing when you lack a required scope, the server can request additional permissions dynamically.
16+
When using the remote MCP server with OAuth authentication (like VS Code's GitHub Copilot Chat), the server now implements the [MCP scope challenge handling specification](https://modelcontextprotocol.io/specification/2025-11-05/basic/authorization#scope-challenge-handling). Instead of failing when you lack a required scope, the server can request additional permissions dynamically.
1717

1818
**How it works:**
1919
1. You attempt to use a tool that requires a scope you haven't granted
@@ -23,9 +23,9 @@ When using the remote MCP server with OAuth authentication (like VS Code's GitHu
2323

2424
This means you can start with minimal permissions and expand them naturally as you use more features—no upfront "grant all permissions" prompts.
2525

26-
### PAT Scope Filtering (Local Server)
26+
### PAT Scope Filtering
2727

28-
For users running the local server with a classic Personal Access Token (`ghp_` prefix), tools are now automatically filtered based on your token's scopes. At startup, the server discovers your token's scopes and hides tools you can't use.
28+
For users authenticating with a classic Personal Access Token (`ghp_` prefix), tools are now automatically filtered based on your token's scopes. At startup, the server discovers your token's scopes and hides tools you can't use. This works on both the local (stdio) and remote server.
2929

3030
**Benefits:**
3131
- **Reduced clutter** — Only see tools your token supports

0 commit comments

Comments
 (0)