Fix #1430: Client Credentials providers scopes support (backported)

[NSeydoux]

This adds support for a scope parameter in the client credentials OAuth providers as described in #1430.

Motivation and Context

A client may now specify which scopes it requests to the Authorization Server.

How Has This Been Tested?

I have tested against an OAuth-compliant Authorization Server and an MCP Resource Server enforcing access control based on Access Token scopes.

Breaking Changes

No, the change is opt-in and the default behavior remains the same.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation update

Checklist

• I have read the MCP Documentation
• My code follows the repository's style guidelines
• New and existing tests pass locally
• I have added appropriate error handling (N/A)
• I have added or updated documentation as needed

Additional context

This is a backport of this feature to the v1.x branch, I'll open a similar PR against the upcoming v2 branch.

[changeset-bot]

⚠️ No Changeset found

Latest commit: ea4cc49

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/modelcontextprotocol/typescript-sdk/@modelcontextprotocol/sdk@1442

commit: ea4cc49

[pcarleton]

Change looks good, i think it just needs linting

[NSeydoux]

Should I add a changeset, or is it something that is done by maintainers at release time?

[pcarleton]

we should fix that comment... changesets only matter for the main branch (i.e. v2 alpha)