Add client-side scope accumulation in GetScopeParameter

Copilot · stephentoub · web-flow · commit 72e24d8630bb · 2026-03-29T00:36:28.000Z
Agent-Logs-Url: https://github.com/modelcontextprotocol/csharp-sdk/sessions/cf7499bb-4f2e-430c-82c1-e160d5c12b25 Co-authored-by: stephentoub <2642209+stephentoub@users.noreply.github.com>
diff --git a/src/ModelContextProtocol.Core/Authentication/ClientOAuthProvider.cs b/src/ModelContextProtocol.Core/Authentication/ClientOAuthProvider.cs
@@ -47,6 +47,7 @@ internal sealed partial class ClientOAuthProvider : McpHttpClient
     private string? _tokenEndpointAuthMethod;
     private ITokenCache _tokenCache;
     private AuthorizationServerMetadata? _authServerMetadata;
+    private string? _lastRequestedScopes;
 
     /// <summary>
     /// Initializes a new instance of the <see cref="ClientOAuthProvider"/> class using the specified options.
@@ -714,16 +715,37 @@ private async Task PerformDynamicClientRegistrationAsync(
 
     private string? GetScopeParameter(ProtectedResourceMetadata protectedResourceMetadata)
     {
+        string? newScopes;
+
         if (!string.IsNullOrEmpty(protectedResourceMetadata.WwwAuthenticateScope))
         {
-            return protectedResourceMetadata.WwwAuthenticateScope;
+            newScopes = protectedResourceMetadata.WwwAuthenticateScope;
         }
         else if (protectedResourceMetadata.ScopesSupported.Count > 0)
         {
-            return string.Join(" ", protectedResourceMetadata.ScopesSupported);
+            newScopes = string.Join(" ", protectedResourceMetadata.ScopesSupported);
+        }
+        else
+        {
+            newScopes = _configuredScopes;
+        }
+
+        // Union with previously requested scopes to avoid losing permissions during step-up
+        // authorization. Per the MCP spec (aligned with RFC 6750 §3.1), servers should emit only
+        // per-operation scopes in 403 insufficient_scope challenges, so clients SHOULD accumulate
+        // all previously requested scopes to prevent losing previously granted permissions.
+        if (_lastRequestedScopes is not null && newScopes is not null)
+        {
+            var combined = new HashSet<string>(_lastRequestedScopes.Split(' '), StringComparer.Ordinal);
+            foreach (var scope in newScopes.Split(' '))
+            {
+                combined.Add(scope);
+            }
+            newScopes = string.Join(" ", combined);
         }
 
-        return _configuredScopes;
+        _lastRequestedScopes = newScopes;
+        return newScopes;
     }
 
     /// <summary>
diff --git a/tests/ModelContextProtocol.AspNetCore.Tests/OAuth/AuthTests.cs b/tests/ModelContextProtocol.AspNetCore.Tests/OAuth/AuthTests.cs
@@ -475,7 +475,10 @@ public async Task AuthorizationFlow_UsesScopeFromForbiddenHeader()
                 {
                     // Tool now just checks if user has the required scopes
                     // If they don't, it shouldn't get here due to middleware
-                    Assert.True(user.HasClaim("scope", adminScopes), "User should have admin scopes when tool executes");
+                    // The token scope may include accumulated scopes, so check for containment
+                    var scopeClaim = user.FindFirst("scope")?.Value ?? "";
+                    var userScopes = new HashSet<string>(scopeClaim.Split(' '), StringComparer.Ordinal);
+                    Assert.True(adminScopes.Split(' ').All(s => userScopes.Contains(s)), "User should have admin scopes when tool executes");
                     return "Admin tool executed.";
                 }),
             ]);
@@ -510,9 +513,11 @@ public async Task AuthorizationFlow_UsesScopeFromForbiddenHeader()
 
                         if (toolCallParams?.Name == "admin-tool")
                         {
-                            // Check if user has required scopes
+                            // Check if user has all required scopes (token may include accumulated scopes)
                             var user = context.User;
-                            if (!user.HasClaim("scope", adminScopes))
+                            var scopeClaim = user.FindFirst("scope")?.Value ?? "";
+                            var userScopes = new HashSet<string>(scopeClaim.Split(' '), StringComparer.Ordinal);
+                            if (!adminScopes.Split(' ').All(s => userScopes.Contains(s)))
                             {
                                 // User lacks required scopes, return 403 before MapMcp processes the request
                                 context.Response.StatusCode = StatusCodes.Status403Forbidden;
@@ -554,7 +559,12 @@ public async Task AuthorizationFlow_UsesScopeFromForbiddenHeader()
         var adminResult = await client.CallToolAsync("admin-tool", cancellationToken: TestContext.Current.CancellationToken);
         Assert.Equal("Admin tool executed.", adminResult.Content[0].ToString());
 
-        Assert.Equal(adminScopes, requestedScope);
+        // After the 403 insufficient_scope challenge with adminScopes, the client should re-authorize
+        // with the union of previously requested scopes ("mcp:tools") and the newly challenged scopes.
+        var accumulatedScopes = requestedScope!.Split(' ');
+        Assert.Contains("mcp:tools", accumulatedScopes);
+        Assert.Contains("admin:read", accumulatedScopes);
+        Assert.Contains("admin:write", accumulatedScopes);
     }
 
     [Fact]
