Cosmo Router now enforces per-tool OAuth scopes for MCP servers by deriving scope requirements directly from @requiresScopes directives in federated GraphQL schemas. Instead of giving AI agents broad tokens, the router computes each tool's required scopes from the fields it touches using OR-of-AND Cartesian product logic, caches them at startup, and returns actionable WWW-Authenticate challenges when scopes are missing. This enables autonomous step-up authorization — agents escalate permissions on the same session without reconnecting. The post also covers a bug found in the MCP TypeScript SDK (infinite loop from scope overwriting vs. accumulation), a compatibility config workaround, five additive authorization levels, and why building a separate BFF for agents leads to policy drift.
Table of contents
Why MCP Servers Need Per-Tool OAuth Scope EnforcementHow to Derive MCP Tool Scopes from Your GraphQL SchemaIntroducing Per-Tool OAuth Scope Enforcement in Cosmo RouterHow Scope Challenges WorkFive Levels of MCP Scope EnforcementRFC 6750, MCP, and the Spec Gap We FoundHow RFC 9728 Protected Resource Metadata Helps MCP ClientsWhy This Is Better Than Building Another BFFReal-World MCP Authorization ScenariosWhat's NextGet StartedFrequently Asked Questions (FAQ)Sort: