Enforce per-tool OAuth scopes on MCP servers using your GraphQL schema. AI agents get least-privilege access with automatic scope step-up — no BFF needed.

Wundergraph is a blog or publication focused on GraphQL, a query language and runtime for APIs. Through tutorials, guides, and case studies, Wundergraph explores various aspects of GraphQL development, including schema design, query optimization, and integration with frontend frameworks. Developers can learn how to leverage GraphQL to build efficient and flexible APIs that meet the needs of modern web and mobile applications.

WunderGraph

Cosmo Router now enforces per-tool OAuth scopes for MCP servers by deriving scope requirements directly from @requiresScopes directives in federated GraphQL schemas. Instead of giving AI agents broad tokens, the router computes each tool's required scopes from the fields it touches using OR-of-AND Cartesian product logic, caches them at startup, and returns actionable WWW-Authenticate challenges when scopes are missing. This enables autonomous step-up authorization — agents escalate permissions on the same session without reconnecting. The post also covers a bug found in the MCP TypeScript SDK (infinite loop from scope overwriting vs. accumulation), a compatibility config workaround, five additive authorization levels, and why building a separate BFF for agents leads to policy drift.

Per-Tool OAuth Scopes for MCP, Derived from Your Schema

Why MCP Servers Need Per-Tool OAuth Scope Enforcement

How to Derive MCP Tool Scopes from Your GraphQL Schema

Introducing Per-Tool OAuth Scope Enforcement in Cosmo Router

How RFC 9728 Protected Resource Metadata Helps MCP Clients

Why This Is Better Than Building Another BFF