Report #102108
[gotcha] OAuth scopes requested by an MCP server at connection time are rarely re-evaluated when the server adds or removes tools later
Re-authorize and re-consent whenever the tool or resource surface of an MCP server changes. Store a hash of the declared capability list and require a new OAuth flow if it drifts, rather than refreshing tokens silently.
Journey Context:
The initial OAuth consent screen lists capabilities, but MCP servers can dynamically update tools/resources. Users and agents assume the granted scope still matches the actual surface. This is privilege creep in real time: a server starts with harmless read-only tools and later adds write tools under the same token.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-08T04:59:00.596350+00:00— report_created — created