When authenticating from the MCP client to the server, the authentication succeeds with all the dynamic scopes requested. There should be an option to enable or configure only the supported OAuth fields/scopes.

Issue fork mcp-3569845


Comments

shubhamgoel created an issue. See original summary.


Status: Active » Needs review

This update introduces OAuth scope-based access control for the Model Context Protocol (MCP) server, allowing administrators to restrict MCP access to OAuth tokens with specific scopes.

Added ModuleHandlerInterface dependency for module detection
New checkbox: "Enable OAuth Scope Validation" — toggles scope-based access control
New checkboxes: "Allowed OAuth Scopes" — multi-select for permitted OAuth scopes from Simple OAuth
Displays a warning notice when Simple OAuth module is not installed
Updated submitForm() to save the OAuth scope configuration

Please review and merge MR #44.
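
The access decision described in the comment above, as an added illustration that is not code from MR #44 or the MCP module. The function name, config keys, sample scope names and the "at least one allowed scope" rule are assumptions.

```php
<?php

declare(strict_types=1);

/**
 * Decides whether a token's scopes permit access to the MCP endpoint.
 * Hypothetical helper: the function name and config keys are assumptions.
 *
 * @param array  $config     ['enabled' => bool, 'allowed_scopes' => array]
 * @param string $tokenScope Space-delimited scope string (RFC 6749, 3.3).
 */
function mcp_scope_access(array $config, string $tokenScope): array
{
    if (empty($config['enabled'])) {
        // Scope validation is off; other authentication checks still apply.
        return ['allowed' => true, 'reason' => 'scope validation disabled'];
    }

    // Drupal checkboxes store 0 for unchecked options; keep only real names.
    $allowed = array_values(array_filter(
        $config['allowed_scopes'] ?? [],
        static fn ($s): bool => is_string($s) && $s !== ''
    ));
    if ($allowed === []) {
        // Fail closed: validation switched on with nothing selected.
        return ['allowed' => false, 'reason' => 'no allowed scopes configured'];
    }

    $granted = preg_split('/ +/', trim($tokenScope), -1, PREG_SPLIT_NO_EMPTY);
    // Scope names are case-sensitive, so compare them exactly.
    $matched = array_values(array_intersect($granted, $allowed));
    if ($matched === []) {
        return ['allowed' => false, 'reason' => 'token has no allowed scope'];
    }
    return ['allowed' => true, 'reason' => 'matched: ' . implode(' ', $matched)];
}

// Constructed sample configuration and token scope strings.
$config = [
    'enabled' => true,
    'allowed_scopes' => ['mcp_read' => 'mcp_read', 'mcp_write' => 0],
];
foreach (['mcp_read profile', 'profile email', '', 'MCP_READ'] as $scope) {
    $r = mcp_scope_access($config, $scope);
    printf("%-18s => %s (%s)\n", "'$scope'", $r['allowed'] ? 'allow' : 'deny', $r['reason']);
}
```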