@@ -180,6 +180,7 @@ impl ClientHandler for FullClientHandler {
180180
181181const CIMD_CLIENT_METADATA_URL : & str = "https://conformance-test.local/client-metadata.json" ;
182182const REDIRECT_URI : & str = "http://localhost:3000/callback" ;
183+ const SCOPE_STEP_UP_ESCALATED_SCOPES : & [ & str ] = & [ "mcp:basic" , "mcp:write" ] ;
183184
184185/// Perform the headless OAuth authorization-code flow.
185186///
@@ -365,13 +366,10 @@ async fn run_auth_scope_step_up_client(
365366 // Drop old client, re-auth with upgraded scopes
366367 client. cancel ( ) . await . ok ( ) ;
367368
368- // Re-do the full flow; the server will give us the right scopes
369- // on the second authorization request.
370369 let mut oauth2 = OAuthState :: new ( server_url, None ) . await ?;
371- // Pass the escalated scope hint
372370 oauth2
373371 . start_authorization_with_metadata_url (
374- & [ ] ,
372+ SCOPE_STEP_UP_ESCALATED_SCOPES ,
375373 REDIRECT_URI ,
376374 Some ( "conformance-client" ) ,
377375 Some ( CIMD_CLIENT_METADATA_URL ) ,
@@ -387,7 +385,9 @@ async fn run_auth_scope_step_up_client(
387385 )
388386 . await ?;
389387
390- let am2 = oauth2. into_authorization_manager ( ) . unwrap ( ) ;
388+ let am2 = oauth2. into_authorization_manager ( ) . ok_or_else ( || {
389+ anyhow:: anyhow!( "Missing authorization manager after step-up" )
390+ } ) ?;
391391 let auth_client2 = AuthClient :: new ( reqwest:: Client :: default ( ) , am2) ;
392392 let transport2 = StreamableHttpClientTransport :: with_client (
393393 auth_client2,
@@ -435,15 +435,28 @@ async fn run_auth_scope_retry_limit_client(
435435 )
436436 . await ?;
437437
438- let am = oauth. into_authorization_manager ( ) . unwrap ( ) ;
438+ let am = oauth
439+ . into_authorization_manager ( )
440+ . ok_or_else ( || anyhow:: anyhow!( "Missing authorization manager" ) ) ?;
439441 let auth_client = AuthClient :: new ( reqwest:: Client :: default ( ) , am) ;
440442 let transport = StreamableHttpClientTransport :: with_client (
441443 auth_client,
442444 StreamableHttpClientTransportConfig :: with_uri ( server_url) ,
443445 ) ;
444446
445447 let client = BasicClientHandler . serve ( transport) . await ?;
446- let tools = client. list_tools ( Default :: default ( ) ) . await ?;
448+ let tools = match client. list_tools ( Default :: default ( ) ) . await {
449+ Ok ( tools) => tools,
450+ Err ( err) => {
451+ tracing:: info!(
452+ "Scope retry limit scenario stopped after authorization attempt {}: {}" ,
453+ attempt + 1 ,
454+ err
455+ ) ;
456+ client. cancel ( ) . await . ok ( ) ;
457+ return Ok ( ( ) ) ;
458+ }
459+ } ;
447460
448461 let mut got_403 = false ;
449462 for tool in & tools. tools {
@@ -467,7 +480,7 @@ async fn run_auth_scope_retry_limit_client(
467480 attempt += 1 ;
468481 if attempt >= max_retries {
469482 tracing:: info!( "Reached retry limit ({max_retries}), giving up" ) ;
470- return Err ( anyhow :: anyhow! ( "Scope retry limit reached" ) ) ;
483+ return Ok ( ( ) ) ;
471484 }
472485 }
473486 Ok ( ( ) )
0 commit comments