Scope challenge http

[omgitsads]

Summary

Adds Scope Challenge middleware for OAuth tokens, and Scope tool filtering for PATs

Why

Fixes #

What changed

MCP impact

• No tool or API changes
• Tool schema or behavior changed
• New tool added

Prompts tested (tool changes only)

Security / limits

• No security or limits impact
• Auth / permissions considered
• Data exposure, filtering, or token/size limits considered

Tool renaming

• I am renaming tools as part of this PR (e.g. a part of a consolidation effort)
  • I have added the new tool aliases in deprecated_tool_aliases.go
• I am not renaming tools as part of this PR

Note: if you're renaming tools, you must add the tool aliases. For more information on how to do so, please refer to the official docs.

Lint & tests

• Linted locally with ./script/lint
• Tested locally with ./script/test

Docs

• Not needed
• Updated (README / docs / examples)

[Copilot]

Pull request overview

This PR implements OAuth scope challenge functionality for the HTTP server, adding token type detection, scope validation, and tool filtering based on token scopes. The implementation includes new middleware for parsing MCP requests and validating OAuth scopes, along with supporting infrastructure for token type identification and scope management.

Changes:

• Adds OAuth scope challenge middleware that validates token scopes and returns WWW-Authenticate challenges for insufficient permissions
• Implements token type detection for PATs, fine-grained PATs, OAuth tokens, GitHub App tokens, and IDE tokens
• Adds MCP request parsing middleware to extract method and tool information early in the request lifecycle
• Introduces tool scope mapping infrastructure to track which tools require which OAuth scopes
• Adds CLI flag --scope-challenge to enable the scope challenge feature

Reviewed changes

Copilot reviewed 18 out of 18 changed files in this pull request and generated 7 comments.

Show a summary per file

File	Description
pkg/utils/token.go	New token parsing utility with type detection for various GitHub token formats
pkg/utils/api.go	Adds default API host resolver factory function
pkg/scopes/map.go	Tool scope mapping infrastructure for tracking tool scope requirements
pkg/scopes/map_test.go	Tests for tool scope mapping functionality
pkg/scopes/fetcher.go	Updates scope fetcher to use APIHostResolver interface instead of string
pkg/scopes/fetcher_test.go	Updates tests to use testAPIHostResolver
pkg/http/middleware/scope_challenge.go	New middleware for OAuth scope validation and challenge responses
pkg/http/middleware/mcp_parse.go	New middleware for early MCP JSON-RPC request parsing
pkg/http/middleware/token.go	Refactors token extraction to use centralized parsing utility
pkg/http/server.go	Adds ScopeChallenge config field and initializes scope fetcher
pkg/http/handler.go	Integrates scope challenge and fetcher into handler lifecycle
pkg/http/handler_test.go	Updates tests with scope fetcher mocks
pkg/context/token.go	Changes token context from string to TokenInfo struct with type information
pkg/context/mcp_info.go	New context type for storing parsed MCP method information
pkg/github/server.go	Uses MCP method info from context to optimize inventory filtering
pkg/github/dependencies.go	Updates to extract token from new TokenInfo structure
internal/ghmcp/server.go	Updates scope fetcher instantiation to use APIHostResolver
cmd/github-mcp-server/main.go	Adds --scope-challenge CLI flag

Comments suppressed due to low confidence (3)

pkg/http/server.go:143

• Variable name typo: "severOptions" should be "serverOptions" to match the corrected variable name.

	handler := NewHTTPMcpHandler(ctx, &cfg, deps, t, logger, apiHost, append(severOptions, WithFeatureChecker(featureChecker), WithOAuthConfig(oauthCfg))...)

pkg/http/server.go:139

• Variable name typo: "severOptions" should be "serverOptions" to match the corrected variable name.

		severOptions = append(severOptions, WithScopeFetcher(scopeFetcher))

pkg/http/middleware/scope_challenge.go:178

• The new scope_challenge.go middleware lacks test coverage. This middleware handles critical OAuth scope validation and authorization logic, including:

• Determining when to send scope challenges
• Fetching token scopes from GitHub API
• Checking if tools have required scopes
• Building WWW-Authenticate headers

Tests should verify the middleware behavior for different token types, scope combinations, error conditions, and ensure the fallback parsing logic works correctly.

package middleware

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"strings"

	ghcontext "github.com/github/github-mcp-server/pkg/context"
	"github.com/github/github-mcp-server/pkg/http/oauth"
	"github.com/github/github-mcp-server/pkg/scopes"
	"github.com/github/github-mcp-server/pkg/utils"
)

// WithScopeChallenge creates a new middleware that determines if an OAuth request contains sufficient scopes to
// complete the request and returns a scope challenge if not.
func WithScopeChallenge(oauthCfg *oauth.Config, scopeFetcher scopes.FetcherInterface) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		fn := func(w http.ResponseWriter, r *http.Request) {
			ctx := r.Context()

			// Skip health check endpoints
			if r.URL.Path == "/_ping" {
				next.ServeHTTP(w, r)
				return
			}

			// Get user from context
			tokenInfo, ok := ghcontext.GetTokenInfo(ctx)
			if !ok {
				next.ServeHTTP(w, r)
				return
			}

			// Only check OAuth tokens - scope challenge allows OAuth apps to request additional scopes
			if tokenInfo.TokenType != utils.TokenTypeOAuthAccessToken {
				next.ServeHTTP(w, r)
				return
			}

			// Try to use pre-parsed MCP method info first (performance optimization)
			// This avoids re-parsing the JSON body if WithMCPParse middleware ran earlier
			var toolName string
			if methodInfo, ok := ghcontext.MCPMethod(ctx); ok && methodInfo != nil {
				// Only check tools/call requests
				if methodInfo.Method != "tools/call" {
					next.ServeHTTP(w, r)
					return
				}
				toolName = methodInfo.ItemName
			} else {
				// Fallback: parse the request body directly
				body, err := io.ReadAll(r.Body)
				if err != nil {
					next.ServeHTTP(w, r)
					return
				}
				r.Body = io.NopCloser(bytes.NewReader(body))

				var mcpRequest struct {
					JSONRPC string `json:"jsonrpc"`
					Method  string `json:"method"`
					Params  struct {
						Name      string         `json:"name,omitempty"`
						Arguments map[string]any `json:"arguments,omitempty"`
					} `json:"params"`
				}

				err = json.Unmarshal(body, &mcpRequest)
				if err != nil {
					next.ServeHTTP(w, r)
					return
				}

				// Only check tools/call requests
				if mcpRequest.Method != "tools/call" {
					next.ServeHTTP(w, r)
					return
				}

				toolName = mcpRequest.Params.Name
			}
			toolScopeInfo, err := scopes.GetToolScopeInfo(toolName)
			if err != nil {
				next.ServeHTTP(w, r)
				return
			}

			// If tool not found in scope map, allow the request
			if toolScopeInfo == nil {
				next.ServeHTTP(w, r)
				return
			}

			// Get OAuth scopes from GitHub API
			activeScopes, err := scopeFetcher.FetchTokenScopes(ctx, tokenInfo.Token)
			if err != nil {
				next.ServeHTTP(w, r)
				return
			}

			// Store active scopes in context for downstream use
			ghcontext.SetTokenScopes(ctx, activeScopes)

			// Check if user has the required scopes
			if toolScopeInfo.HasAcceptedScope(activeScopes...) {
				next.ServeHTTP(w, r)
				return
			}

			// User lacks required scopes - get the scopes they need
			requiredScopes := toolScopeInfo.GetRequiredScopesSlice()

			// Build the resource metadata URL using the shared utility
			// GetEffectiveResourcePath returns the original path (e.g., /mcp or /mcp/x/all)
			// which is used to construct the well-known OAuth protected resource URL
			resourcePath := oauth.ResolveResourcePath(r, oauthCfg)
			resourceMetadataURL := oauth.BuildResourceMetadataURL(r, oauthCfg, resourcePath)

			// Build recommended scopes: existing scopes + required scopes
			recommendedScopes := make([]string, 0, len(activeScopes)+len(requiredScopes))
			recommendedScopes = append(recommendedScopes, activeScopes...)
			recommendedScopes = append(recommendedScopes, requiredScopes...)

			// Build the WWW-Authenticate header value
			wwwAuthenticateHeader := fmt.Sprintf(`Bearer error="insufficient_scope", scope=%q, resource_metadata=%q, error_description=%q`,
				strings.Join(recommendedScopes, " "),
				resourceMetadataURL,
				"Additional scopes required: "+strings.Join(requiredScopes, ", "),
			)

			// Send scope challenge response with the superset of existing and required scopes
			w.Header().Set("WWW-Authenticate", wwwAuthenticateHeader)
			http.Error(w, "Forbidden: insufficient scopes", http.StatusForbidden)
		}
		return http.HandlerFunc(fn)
	}
}

[Copilot]

Typo in variable name: "severOptions" should be "serverOptions". This inconsistent naming makes the code harder to read and maintain.

This issue also appears in the following locations of the same file:

• line 143
• line 139

Suggested change

	severOptions := []HandlerOption{}
	if cfg.ScopeChallenge {
	scopeFetcher := scopes.NewFetcher(scopes.FetcherOptions{
	APIHost: apiHost,
	})
	severOptions = append(severOptions, WithScopeFetcher(scopeFetcher))
	}
	r := chi.NewRouter()
	handler := NewHTTPMcpHandler(ctx, &cfg, deps, t, logger, apiHost, append(severOptions, WithFeatureChecker(featureChecker), WithOAuthConfig(oauthCfg))...)
	serverOptions := []HandlerOption{}
	if cfg.ScopeChallenge {
	scopeFetcher := scopes.NewFetcher(scopes.FetcherOptions{
	APIHost: apiHost,
	})
	serverOptions = append(serverOptions, WithScopeFetcher(scopeFetcher))
	}
	r := chi.NewRouter()
	handler := NewHTTPMcpHandler(ctx, &cfg, deps, t, logger, apiHost, append(serverOptions, WithFeatureChecker(featureChecker), WithOAuthConfig(oauthCfg))...)

[Copilot]

The WithMCPParse middleware is defined but never registered in the middleware chain. The scope challenge middleware at line 85 mentions that it tries to use pre-parsed MCP method info "if WithMCPParse middleware ran earlier", but this middleware is not being registered anywhere. This means the optimization path will never be taken and the request body will always be parsed twice (once in WithScopeChallenge and again in downstream handlers). Consider adding middleware.WithMCPParse() to the middleware chain before WithScopeChallenge at line 122.

Suggested change

	middleware.WithRequestConfig,
	middleware.WithRequestConfig,
	middleware.WithMCPParse(),

[Copilot]

The new ScopeChallenge configuration field lacks documentation. Add a comment explaining what this field does, when it should be enabled, and its implications for the server behavior. This is especially important given this is a public field in a configuration struct.

Suggested change

	// ScopeChallenge indicates if we should return OAuth scope challenges, and if we should perform
	// tool filtering based on token scopes.
	// ScopeChallenge controls whether the server returns OAuth scope challenges and filters
	// available tools based on the scopes present on the incoming access token.
	//
	// When enabled:
	// - Requests are evaluated against the token's scopes.
	// - Tools that require scopes the token does not have may be hidden or rejected.
	// - Responses can include information about missing scopes so callers may choose
	// to re-authorize with a broader set of permissions.
	//
	// Enable this when the client or hosting environment can react to scope challenges
	// (for example, by prompting the user to grant additional scopes).
	// When disabled, the server does not perform scope-based tool filtering and does not
	// surface scope upgrade hints; authorization failures are returned as normal errors.

[Copilot]

Using panic in NewDefaultAPIHostResolver is inappropriate for a library function. The comment says "This should never happen" but if it does happen, it will crash the entire application. Consider returning an error instead or logging and using a fallback value. This is especially important since this function could be called from external code that depends on this repository as a library.

[Copilot]

The new mcp_parse.go middleware lacks test coverage. This middleware parses MCP JSON-RPC requests and extracts method info, owner/repo arguments. Tests should verify:

• Correct parsing of different MCP methods (tools/call, prompts/get, resources/read)
• Handling of malformed JSON
• Proper restoration of request body for downstream handlers
• Extraction of owner/repo from tool arguments
• Behavior when JSON-RPC version is not 2.0 or method is empty

[Copilot]

The exported function FetchScopesFromGitHubAPI is defined but never used anywhere in the codebase. It appears to be redundant with the scopes.FetcherInterface and scopes.Fetcher which are actually used in the middleware. Consider removing this unused function or documenting its intended use case if it's meant to be a public API.

[Copilot]

The new token.go file with ParseAuthorizationHeader function and related token type detection logic lacks test coverage. Given that this is critical security-related functionality that parses authentication headers and determines token types, comprehensive tests should be added to verify:

• Correct parsing of different token formats
• Proper error handling for malformed headers
• Token type detection for all supported prefixes
• Edge cases like empty headers, missing Bearer prefix, etc.