Cosmo's MCP server already exposes your graph as AI-ready tools. When we added per-tool OAuth scope step-up authorization so clients don't need a god token, we hit an infinite loop. The root cause: a gap between the MCP spec and RFC 6750 on scope challenges, plus SDK behavior that overwrites scopes instead of accumulating them. Here's what we found and how we're approaching it.

Wundergraph is a blog or publication focused on GraphQL, a query language and runtime for APIs. Through tutorials, guides, and case studies, Wundergraph explores various aspects of GraphQL development, including schema design, query optimization, and integration with frontend frameworks. Developers can learn how to leverage GraphQL to build efficient and flexible APIs that meet the needs of modern web and mobile applications.

WunderGraph

WunderGraph implemented per-tool OAuth scope step-up authorization in their Cosmo MCP server, where each MCP tool requires only the specific OAuth scopes it needs rather than a broad token. During implementation they discovered an infinite authorization loop caused by the MCP TypeScript SDK overwriting scopes on each 403 challenge instead of accumulating them. The root cause is a gap between the MCP spec's Server Scope Management guidance (which asks servers to include previously granted scopes) and RFC 6750 (which says servers should only describe what the current operation needs). They argue scope accumulation is a client-side responsibility, filed issues against the TypeScript SDK and the MCP spec itself, and proposed three clarifications: servers should return only operation-required scopes in 403 challenges, clients should union existing and challenge scopes before re-authorizing, and 'authoritative' should mean authoritative for the current request only.

MCP Scope Step-Up Authorization: From Implementation to Spec Contribution

Two parts of the spec that pull in different directions

Where we're headed: surfacing missing scopes from the schema