Report #102618
[gotcha] OAuth scope creep lets a tool approved for one task keep broad permissions after the work is done
Request the smallest scope per tool, re-evaluate authorization on every request rather than caching it at connection time, set automatic scope expiry, and validate the audience for each MCP server independently.
Journey Context:
MCP authorization is optional and many clients cache a token for the whole session. A server can change its tool descriptions mid-session, but a session-scoped token will still let the new behavior execute. Least privilege fails when it is set once and forgotten; scopes should be short-lived and re-checked per call, matching the server's current required scopes in the tool annotation.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-09T05:10:27.419344+00:00— report_created — created