Support tool-level required scopes enforcement
Enhancement
Currently, required_scopes enforcement exists only at the server level, meaning all tools share the same required scopes configuration. This makes it difficult to implement more granular access control where different tools may require different permissions.
Proposed Feature:
Add support for tool-level required_scopes enforcement. This would allow developers to declare scope requirements on a per-tool basis, rather than only globally.
Benefits: Supporting tool-level scope enforcement would make it possible to apply more fine-grained authorization controls that align with the principle of least privilege. Instead of requiring every client to request a large superset of scopes just to access a single sensitive tool, servers could expose both sensitive and non-sensitive tools with appropriate permissions enforced individually. This improves security, ensures that clients only receive the access they truly need, and enhances interoperability by making it easier for different clients to use the same MCP server without being over-provisioned.
Hi @anvibanga, I can take this up. I will update this comment with my approach soon.
+1 to this feature! If we could have the server only list tools that the authenticated scopes allow, that would be excellent.
I like this idea a lot and the maintainers will likely take it up -- community PRs are welcome BUT must be accompanied by an approved enhancement proposal in a separate issue. Anything touching something as sensitive as auth has to comply with some of the design goals and private structures in the framework.
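A sketch of the per-tool `required_scopes` enforcement requested in this issue, together with the scope-filtered tool listing suggested in the comments. It is an added example, not code from the project or its maintainers: `ToolRegistry`, `InsufficientScope`, the tool names and the scope strings are hypothetical, and it does not use the framework's real API. It assumes tool-level scopes are required in addition to the server-level ones.

```python
from dataclasses import dataclass, field


class InsufficientScope(Exception):
    """The caller's token lacks a scope required for this tool."""


@dataclass
class ToolRegistry:
    """Hypothetical registry; not the framework's real API."""
    server_scopes: frozenset = frozenset()      # existing server-level requirement
    _tools: dict = field(default_factory=dict)  # name -> (fn, tool-level scopes)

    def tool(self, name, required_scopes=()):
        def register(fn):
            self._tools[name] = (fn, frozenset(required_scopes))
            return fn
        return register

    def _missing(self, name, granted):
        # Tool-level scopes add to the server-level ones; they never replace them.
        return (self.server_scopes | self._tools[name][1]) - frozenset(granted)

    def list_tools(self, granted):
        # Listing filter from the comments: hide tools the token cannot call.
        return sorted(n for n in self._tools if not self._missing(n, granted))

    def call(self, name, granted, *args, **kwargs):
        # Enforce again at call time: a filtered listing is not authorization.
        missing = self._missing(name, granted)
        if missing:
            raise InsufficientScope(f"{name}: missing {sorted(missing)}")
        return self._tools[name][0](*args, **kwargs)


# Constructed sample tools and scope names.
registry = ToolRegistry(server_scopes=frozenset({"mcp:connect"}))


@registry.tool("read_docs")
def read_docs(query):
    return f"results for {query}"


@registry.tool("delete_records", required_scopes={"records:delete"})
def delete_records(table):
    return f"deleted {table}"
```

A token carrying only `mcp:connect` sees and can call `read_docs` alone; `delete_records` is both hidden from the listing and rejected at call time until `records:delete` is granted.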