fastmcp 2.12.2__py3-none-any.whl → 2.12.4__py3-none-any.whl

fastmcp/client/auth/oauth.py

@@ -1,7 +1,6 @@
 from __future__ import annotations
 
 import asyncio
-import json
 import webbrowser
 from asyncio import Future
 from collections.abc import AsyncGenerator
@@ -29,6 +28,7 @@ from fastmcp.client.oauth_callback import (
 )
 from fastmcp.utilities.http import find_available_port
 from fastmcp.utilities.logging import get_logger
+from fastmcp.utilities.storage import JSONFileStorage
 
 __all__ = ["OAuth"]
 
@@ -62,13 +62,14 @@ class FileTokenStorage(TokenStorage):
     Implements the mcp.client.auth.TokenStorage protocol.
 
     Each instance is tied to a specific server URL for proper token isolation.
+    Uses JSONFileStorage internally for consistent file handling.
     """
 
     def __init__(self, server_url: str, cache_dir: Path | None = None):
         """Initialize storage for a specific server URL."""
         self.server_url = server_url
-        self.cache_dir = cache_dir or default_cache_dir()
-        self.cache_dir.mkdir(exist_ok=True, parents=True)
+        # Use JSONFileStorage for actual file operations
+        self._storage = JSONFileStorage(cache_dir or default_cache_dir())
 
     @staticmethod
     def get_base_url(url: str) -> str:
@@ -76,28 +77,33 @@ class FileTokenStorage(TokenStorage):
         parsed = urlparse(url)
         return f"{parsed.scheme}://{parsed.netloc}"
 
-    def get_cache_key(self) -> str:
-        """Generate a safe filesystem key from the server's base URL."""
+    def _get_storage_key(self, file_type: Literal["client_info", "tokens"]) -> str:
+        """Get the storage key for the specified data type.
+
+        JSONFileStorage will handle making the key filesystem-safe.
+        """
         base_url = self.get_base_url(self.server_url)
-        return (
-            base_url.replace("://", "_")
-            .replace(".", "_")
-            .replace("/", "_")
-            .replace(":", "_")
-        )
+        return f"{base_url}_{file_type}"
 
     def _get_file_path(self, file_type: Literal["client_info", "tokens"]) -> Path:
-        """Get the file path for the specified cache file type."""
-        key = self.get_cache_key()
-        return self.cache_dir / f"{key}_{file_type}.json"
+        """Get the file path for the specified cache file type.
+
+        This method is kept for backward compatibility with tests that access _get_file_path.
+        """
+        key = self._get_storage_key(file_type)
+        return self._storage._get_file_path(key)
 
     async def get_tokens(self) -> OAuthToken | None:
         """Load tokens from file storage."""
-        path = self._get_file_path("tokens")
+        key = self._get_storage_key("tokens")
+        data = await self._storage.get(key)
+
+        if data is None:
+            return None
 
         try:
-            # Parse JSON and validate as StoredToken
-            stored = stored_token_adapter.validate_json(path.read_text())
+            # Parse and validate as StoredToken
+            stored = stored_token_adapter.validate_python(data)
 
             # Check if token is expired
             if stored.expires_at is not None:
@@ -117,15 +123,15 @@ class FileTokenStorage(TokenStorage):
 
             return stored.token_payload
 
-        except (FileNotFoundError, ValidationError) as e:
+        except ValidationError as e:
             logger.debug(
-                f"Could not load tokens for {self.get_base_url(self.server_url)}: {e}"
+                f"Could not validate tokens for {self.get_base_url(self.server_url)}: {e}"
             )
             return None
 
     async def set_tokens(self, tokens: OAuthToken) -> None:
         """Save tokens to file storage."""
-        path = self._get_file_path("tokens")
+        key = self._get_storage_key("tokens")
 
         # Calculate absolute expiry time if expires_in is present
         expires_at = None
@@ -134,19 +140,22 @@ class FileTokenStorage(TokenStorage):
                 seconds=tokens.expires_in
             )
 
-        # Create StoredToken and save using Pydantic serialization
+        # Create StoredToken and save using storage
+        # Note: JSONFileStorage will wrap this in {"data": ..., "timestamp": ...}
         stored = StoredToken(token_payload=tokens, expires_at=expires_at)
-
-        path.write_text(stored.model_dump_json(indent=2))
+        await self._storage.set(key, stored.model_dump(mode="json"))
         logger.debug(f"Saved tokens for {self.get_base_url(self.server_url)}")
 
     async def get_client_info(self) -> OAuthClientInformationFull | None:
         """Load client information from file storage."""
-        path = self._get_file_path("client_info")
+        key = self._get_storage_key("client_info")
+        data = await self._storage.get(key)
+
+        if data is None:
+            return None
+
         try:
-            client_info = OAuthClientInformationFull.model_validate_json(
-                path.read_text()
-            )
+            client_info = OAuthClientInformationFull.model_validate(data)
             # Check if we have corresponding valid tokens
             # If no tokens exist, the OAuth flow was incomplete and we should
             # force a fresh client registration
@@ -157,27 +166,31 @@ class FileTokenStorage(TokenStorage):
                     "OAuth flow may have been incomplete. Clearing client info to force fresh registration."
                 )
                 # Clear the incomplete client info
-                client_info_path = self._get_file_path("client_info")
-                client_info_path.unlink(missing_ok=True)
+                await self._storage.delete(key)
                 return None
 
             return client_info
-        except (FileNotFoundError, json.JSONDecodeError, ValidationError) as e:
+        except ValidationError as e:
             logger.debug(
-                f"Could not load client info for {self.get_base_url(self.server_url)}: {e}"
+                f"Could not validate client info for {self.get_base_url(self.server_url)}: {e}"
             )
             return None
 
     async def set_client_info(self, client_info: OAuthClientInformationFull) -> None:
         """Save client information to file storage."""
-        path = self._get_file_path("client_info")
-        path.write_text(client_info.model_dump_json(indent=2))
+        key = self._get_storage_key("client_info")
+        await self._storage.set(key, client_info.model_dump(mode="json"))
         logger.debug(f"Saved client info for {self.get_base_url(self.server_url)}")
 
     def clear(self) -> None:
-        """Clear all cached data for this server."""
+        """Clear all cached data for this server.
+
+        Note: This is a synchronous method for backward compatibility.
+        Uses direct file operations instead of async storage methods.
+        """
         file_types: list[Literal["client_info", "tokens"]] = ["client_info", "tokens"]
         for file_type in file_types:
+            # Use the file path directly for synchronous deletion
             path = self._get_file_path(file_type)
             path.unlink(missing_ok=True)
         logger.debug(f"Cleared OAuth cache for {self.get_base_url(self.server_url)}")
@@ -318,8 +331,8 @@ class OAuth(OAuthClientProvider):
                     "OAuth client not found - cached credentials may be stale"
                 )
 
-            # For any non-redirect response, something is wrong
-            if response.status_code not in (302, 303, 307, 308):
+            # OAuth typically returns redirects, but some providers return 200 with HTML login pages
+            if response.status_code not in (200, 302, 303, 307, 308):
                 raise RuntimeError(
                     f"Unexpected authorization response: {response.status_code}"
                 )
@@ -355,7 +368,7 @@ class OAuth(OAuthClientProvider):
                 raise TimeoutError(f"OAuth callback timed out after {TIMEOUT} seconds")
             finally:
                 server.should_exit = True
-                await asyncio.sleep(0.1)  # Allow server to shutdown gracefully
+                await asyncio.sleep(0.1)  # Allow server to shut down gracefully
                 tg.cancel_scope.cancel()
 
         raise RuntimeError("OAuth callback handler could not be started")

fastmcp/client/client.py

@@ -454,7 +454,7 @@ class Client(Generic[ClientTransportT]):
             if self._session_state.nesting_counter > 0:
                 return
 
-            # stop the active seesion
+            # stop the active session
             if self._session_state.session_task is None:
                 return
             self._session_state.stop_event.set()
@@ -505,7 +505,7 @@ class Client(Generic[ClientTransportT]):
     ) -> None:
         """Send a cancellation notification for an in-progress request."""
         notification = mcp.types.ClientNotification(
-            mcp.types.CancelledNotification(
+            root=mcp.types.CancelledNotification(
                 method="notifications/cancelled",
                 params=mcp.types.CancelledNotificationParams(
                     requestId=request_id,
@@ -743,14 +743,17 @@ class Client(Generic[ClientTransportT]):
 
     async def complete_mcp(
         self,
-        ref: mcp.types.ResourceReference | mcp.types.PromptReference,
+        ref: mcp.types.ResourceTemplateReference | mcp.types.PromptReference,
         argument: dict[str, str],
+        context_arguments: dict[str, Any] | None = None,
     ) -> mcp.types.CompleteResult:
         """Send a completion request and return the complete MCP protocol result.
 
         Args:
-            ref (mcp.types.ResourceReference | mcp.types.PromptReference): The reference to complete.
+            ref (mcp.types.ResourceTemplateReference | mcp.types.PromptReference): The reference to complete.
             argument (dict[str, str]): Arguments to pass to the completion request.
+            context_arguments (dict[str, Any] | None, optional): Optional context arguments to
+                include with the completion request. Defaults to None.
 
         Returns:
             mcp.types.CompleteResult: The complete response object from the protocol,
@@ -761,19 +764,24 @@ class Client(Generic[ClientTransportT]):
         """
         logger.debug(f"[{self.name}] called complete: {ref}")
 
-        result = await self.session.complete(ref=ref, argument=argument)
+        result = await self.session.complete(
+            ref=ref, argument=argument, context_arguments=context_arguments
+        )
         return result
 
     async def complete(
         self,
-        ref: mcp.types.ResourceReference | mcp.types.PromptReference,
+        ref: mcp.types.ResourceTemplateReference | mcp.types.PromptReference,
         argument: dict[str, str],
+        context_arguments: dict[str, Any] | None = None,
     ) -> mcp.types.Completion:
         """Send a completion request to the server.
 
         Args:
-            ref (mcp.types.ResourceReference | mcp.types.PromptReference): The reference to complete.
+            ref (mcp.types.ResourceTemplateReference | mcp.types.PromptReference): The reference to complete.
             argument (dict[str, str]): Arguments to pass to the completion request.
+            context_arguments (dict[str, Any] | None, optional): Optional context arguments to
+                include with the completion request. Defaults to None.
 
         Returns:
             mcp.types.Completion: The completion object.
@@ -781,7 +789,9 @@ class Client(Generic[ClientTransportT]):
         Raises:
             RuntimeError: If called while the client is not connected.
         """
-        result = await self.complete_mcp(ref=ref, argument=argument)
+        result = await self.complete_mcp(
+            ref=ref, argument=argument, context_arguments=context_arguments
+        )
         return result.completion
 
     # --- Tools ---

fastmcp/client/elicitation.py

@@ -59,7 +59,12 @@ def create_elicitation_callback(
                     "Elicitation responses must be serializable as a JSON object (dict). Received: "
                     f"{result.content!r}"
                 )
-            return MCPElicitResult(**result.model_dump() | {"content": content})
+            return MCPElicitResult(
+                _meta=result.meta,
+                action=result.action,
+                content=content,
+            )
+
         except Exception as e:
             return mcp.types.ErrorData(
                 code=mcp.types.INTERNAL_ERROR,

fastmcp/client/transports.py

@@ -609,7 +609,7 @@ class UvStdioTransport(StdioTransport):
         uv_args: list[str] = []
 
         # Check if we need any environment setup
-        if env_config.needs_uv():
+        if env_config._must_run_with_uv():
             # Use the config to build args, but we need to handle the command differently
             # since transport has specific needs
             uv_args = ["run"]

fastmcp/contrib/component_manager/component_service.py

@@ -174,7 +174,7 @@ class ComponentService:
             key: The key of the prompt to enable
 
         Returns:
-            The prompt that was enable
+            The prompt that was enabled
         """
         logger.debug("Enabling prompt: %s", key)
 

fastmcp/contrib/mcp_mixin/README.md

@@ -16,7 +16,7 @@ Prompts:
 * [enable/disable](https://gofastmcp.com/servers/prompts#disabling-prompts)
 
 Resources:
-* [enable/disabe](https://gofastmcp.com/servers/resources#disabling-resources)
+* [enable/disable](https://gofastmcp.com/servers/resources#disabling-resources)
   
 ## Usage
 
@@ -91,12 +91,12 @@ class MyComponent(MCPMixin):
     # prompt
     @mcp_prompt(name="A prompt")
     def prompt_method(self, name):
-        return f"Whats up {name}?"
+        return f"What's up {name}?"
 
     # disabled prompt
     @mcp_prompt(name="A prompt", enabled=False)
     def prompt_method(self, name):
-        return f"Whats up {name}?"
+        return f"What's up {name}?"
 
 mcp_server = FastMCP()
 component = MyComponent()

fastmcp/contrib/mcp_mixin/mcp_mixin.py

@@ -8,6 +8,7 @@ from mcp.types import ToolAnnotations
 from fastmcp.prompts.prompt import Prompt
 from fastmcp.resources.resource import Resource
 from fastmcp.tools.tool import Tool
+from fastmcp.utilities.types import get_fn_name
 
 if TYPE_CHECKING:
     from fastmcp.server import FastMCP
@@ -34,7 +35,7 @@ def mcp_tool(
 
     def decorator(func: Callable[..., Any]) -> Callable[..., Any]:
         call_args = {
-            "name": name or func.__name__,
+            "name": name or get_fn_name(func),
             "description": description,
             "tags": tags,
             "annotations": annotations,
@@ -63,7 +64,7 @@ def mcp_resource(
     def decorator(func: Callable[..., Any]) -> Callable[..., Any]:
         call_args = {
             "uri": uri,
-            "name": name or func.__name__,
+            "name": name or get_fn_name(func),
             "description": description,
             "mime_type": mime_type,
             "tags": tags,
@@ -88,7 +89,7 @@ def mcp_prompt(
 
     def decorator(func: Callable[..., Any]) -> Callable[..., Any]:
         call_args = {
-            "name": name or func.__name__,
+            "name": name or get_fn_name(func),
             "description": description,
             "tags": tags,
             "enabled": enabled,
@@ -146,7 +147,21 @@ class MCPMixin:
                 registration_info["name"] = (
                     f"{prefix}{separator}{registration_info['name']}"
                 )
-            tool = Tool.from_function(fn=method, **registration_info)
+
+            tool = Tool.from_function(
+                fn=method,
+                name=registration_info.get("name"),
+                title=registration_info.get("title"),
+                description=registration_info.get("description"),
+                tags=registration_info.get("tags"),
+                annotations=registration_info.get("annotations"),
+                exclude_args=registration_info.get("exclude_args"),
+                serializer=registration_info.get("serializer"),
+                output_schema=registration_info.get("output_schema"),
+                meta=registration_info.get("meta"),
+                enabled=registration_info.get("enabled"),
+            )
+
             mcp_server.add_tool(tool)
 
     def register_resources(
@@ -175,7 +190,19 @@ class MCPMixin:
                 registration_info["uri"] = (
                     f"{prefix}{separator}{registration_info['uri']}"
                 )
-            resource = Resource.from_function(fn=method, **registration_info)
+
+            resource = Resource.from_function(
+                fn=method,
+                uri=registration_info["uri"],
+                name=registration_info.get("name"),
+                description=registration_info.get("description"),
+                mime_type=registration_info.get("mime_type"),
+                tags=registration_info.get("tags"),
+                enabled=registration_info.get("enabled"),
+                annotations=registration_info.get("annotations"),
+                meta=registration_info.get("meta"),
+            )
+
             mcp_server.add_resource(resource)
 
     def register_prompts(
@@ -200,7 +227,15 @@ class MCPMixin:
                 registration_info["name"] = (
                     f"{prefix}{separator}{registration_info['name']}"
                 )
-            prompt = Prompt.from_function(fn=method, **registration_info)
+            prompt = Prompt.from_function(
+                fn=method,
+                name=registration_info.get("name"),
+                title=registration_info.get("title"),
+                description=registration_info.get("description"),
+                tags=registration_info.get("tags"),
+                enabled=registration_info.get("enabled"),
+                meta=registration_info.get("meta"),
+            )
             mcp_server.add_prompt(prompt)
 
     def register_all(

fastmcp/experimental/utilities/openapi/director.py

@@ -69,7 +69,14 @@ class RequestDirector:
                 request_data["content"] = body
 
         # Step 5: Create httpx.Request
-        return httpx.Request(**{k: v for k, v in request_data.items() if v is not None})
+        return httpx.Request(
+            method=request_data["method"],
+            url=request_data["url"],
+            params=request_data.get("params"),
+            headers=request_data.get("headers"),
+            json=request_data.get("json"),
+            content=request_data.get("content"),
+        )
 
     def _unflatten_arguments(
         self, route: HTTPRoute, flat_args: dict[str, Any]

fastmcp/experimental/utilities/openapi/schemas.py

@@ -79,6 +79,7 @@ def _replace_ref_with_defs(
 
     Examples:
     - {"type": "object", "properties": {"$ref": "#/components/schemas/..."}}
+    - {"type": "object", "additionalProperties": {"$ref": "#/components/schemas/..."}, "properties": {...}}
     - {"$ref": "#/components/schemas/..."}
     - {"items": {"$ref": "#/components/schemas/..."}}
     - {"anyOf": [{"$ref": "#/components/schemas/..."}]}
@@ -117,6 +118,11 @@ def _replace_ref_with_defs(
     for section in ["anyOf", "allOf", "oneOf"]:
         for i, item in enumerate(schema.get(section, [])):
             schema[section][i] = _replace_ref_with_defs(item)
+    if additionalProperties := schema.get("additionalProperties"):
+        if not isinstance(additionalProperties, bool):
+            schema["additionalProperties"] = _replace_ref_with_defs(
+                additionalProperties
+            )
     if info.get("description", description) and not schema.get("description"):
         schema["description"] = description
     return schema
@@ -297,9 +303,11 @@ def _combine_schemas_and_map_params(
 
             # Convert refs if needed
             if convert_refs:
-                param_schema = _replace_ref_with_defs(param.schema_)
+                param_schema = _replace_ref_with_defs(param.schema_, param.description)
             else:
-                param_schema = param.schema_
+                param_schema = param.schema_.copy()
+                if param.description and not param_schema.get("description"):
+                    param_schema["description"] = param.description
             original_desc = param_schema.get("description", "")
             location_desc = f"({param.location.capitalize()} parameter)"
             if original_desc:
@@ -324,9 +332,11 @@ def _combine_schemas_and_map_params(
 
             # Convert refs if needed
             if convert_refs:
-                param_schema = _replace_ref_with_defs(param.schema_)
+                param_schema = _replace_ref_with_defs(param.schema_, param.description)
             else:
-                param_schema = param.schema_
+                param_schema = param.schema_.copy()
+                if param.description and not param_schema.get("description"):
+                    param_schema["description"] = param.description
 
             # Don't make optional parameters nullable - they can simply be omitted
             # The OpenAPI specification doesn't require optional parameters to accept null values
@@ -344,7 +354,7 @@ def _combine_schemas_and_map_params(
             if route.request_body.required:
                 required.append("body")
             parameter_map["body"] = {"location": "body", "openapi_name": "body"}
-        else:
+        elif body_props:
             # Normal case: body has properties
             for prop_name, prop_schema in body_props.items():
                 properties[prop_name] = prop_schema
@@ -357,6 +367,22 @@ def _combine_schemas_and_map_params(
 
             if route.request_body.required:
                 required.extend(body_schema.get("required", []))
+        else:
+            # Handle direct array/primitive schemas (like list[str] parameters from FastAPI)
+            # Use the schema title as parameter name, fall back to generic name
+            param_name = body_schema.get("title", "body").lower()
+
+            # Clean the parameter name to be valid
+            import re
+
+            param_name = re.sub(r"[^a-zA-Z0-9_]", "_", param_name)
+            if not param_name or param_name[0].isdigit():
+                param_name = "body_data"
+
+            properties[param_name] = body_schema
+            if route.request_body.required:
+                required.append(param_name)
+            parameter_map[param_name] = {"location": "body", "openapi_name": param_name}
 
     result = {
         "type": "object",

fastmcp/prompts/prompt.py

@@ -100,14 +100,16 @@ class Prompt(FastMCPComponent, ABC):
             )
             for arg in self.arguments or []
         ]
-        kwargs = {
-            "name": self.name,
-            "description": self.description,
-            "arguments": arguments,
-            "title": self.title,
-            "_meta": self.get_meta(include_fastmcp_meta=include_fastmcp_meta),
-        }
-        return MCPPrompt(**kwargs | overrides)
+
+        return MCPPrompt(
+            name=overrides.get("name", self.name),
+            description=overrides.get("description", self.description),
+            arguments=arguments,
+            title=overrides.get("title", self.title),
+            _meta=overrides.get(
+                "_meta", self.get_meta(include_fastmcp_meta=include_fastmcp_meta)
+            ),
+        )
 
     @staticmethod
     def from_function(

fastmcp/resources/resource.py

@@ -24,6 +24,7 @@ from fastmcp.server.dependencies import get_context
 from fastmcp.utilities.components import FastMCPComponent
 from fastmcp.utilities.types import (
     find_kwarg_by_type,
+    get_fn_name,
 )
 
 if TYPE_CHECKING:
@@ -122,16 +123,18 @@ class Resource(FastMCPComponent, abc.ABC):
         **overrides: Any,
     ) -> MCPResource:
         """Convert the resource to an MCPResource."""
-        kwargs = {
-            "uri": self.uri,
-            "name": self.name,
-            "description": self.description,
-            "mimeType": self.mime_type,
-            "title": self.title,
-            "annotations": self.annotations,
-            "_meta": self.get_meta(include_fastmcp_meta=include_fastmcp_meta),
-        }
-        return MCPResource(**kwargs | overrides)
+
+        return MCPResource(
+            name=overrides.get("name", self.name),
+            uri=overrides.get("uri", self.uri),
+            description=overrides.get("description", self.description),
+            mimeType=overrides.get("mimeType", self.mime_type),
+            title=overrides.get("title", self.title),
+            annotations=overrides.get("annotations", self.annotations),
+            _meta=overrides.get(
+                "_meta", self.get_meta(include_fastmcp_meta=include_fastmcp_meta)
+            ),
+        )
 
     def __repr__(self) -> str:
         return f"{self.__class__.__name__}(uri={self.uri!r}, name={self.name!r}, description={self.description!r}, tags={self.tags})"
@@ -182,7 +185,7 @@ class FunctionResource(Resource):
         return cls(
             fn=fn,
             uri=uri,
-            name=name or fn.__name__,
+            name=name or get_fn_name(fn),
             title=title,
             description=description or inspect.getdoc(fn),
             mime_type=mime_type or "text/plain",

fastmcp/resources/template.py

@@ -154,16 +154,18 @@ class ResourceTemplate(FastMCPComponent):
         **overrides: Any,
     ) -> MCPResourceTemplate:
         """Convert the resource template to an MCPResourceTemplate."""
-        kwargs = {
-            "uriTemplate": self.uri_template,
-            "name": self.name,
-            "description": self.description,
-            "mimeType": self.mime_type,
-            "title": self.title,
-            "annotations": self.annotations,
-            "_meta": self.get_meta(include_fastmcp_meta=include_fastmcp_meta),
-        }
-        return MCPResourceTemplate(**kwargs | overrides)
+
+        return MCPResourceTemplate(
+            name=overrides.get("name", self.name),
+            uriTemplate=overrides.get("uriTemplate", self.uri_template),
+            description=overrides.get("description", self.description),
+            mimeType=overrides.get("mimeType", self.mime_type),
+            title=overrides.get("title", self.title),
+            annotations=overrides.get("annotations", self.annotations),
+            _meta=overrides.get(
+                "_meta", self.get_meta(include_fastmcp_meta=include_fastmcp_meta)
+            ),
+        )
 
     @classmethod
     def from_mcp_template(cls, mcp_template: MCPResourceTemplate) -> ResourceTemplate:

fastmcp/server/auth/auth.py

@@ -1,7 +1,6 @@
 from __future__ import annotations
 
 from typing import Any
-from urllib.parse import urljoin
 
 from mcp.server.auth.middleware.auth_context import AuthContextMiddleware
 from mcp.server.auth.middleware.bearer_auth import (
@@ -146,8 +145,9 @@ class AuthProvider(TokenVerifierProtocol):
             return None
 
         if path:
-            return AnyHttpUrl(urljoin(str(self.base_url), path))
-
+            prefix = str(self.base_url).rstrip("/")
+            suffix = path.lstrip("/")
+            return AnyHttpUrl(f"{prefix}/{suffix}")
         return self.base_url
 
 
@@ -353,10 +353,16 @@ class OAuthProvider(
 
         # Add protected resource routes if this server is also acting as a resource server
         if resource_url:
+            supported_scopes = (
+                self.client_registration_options.valid_scopes
+                if self.client_registration_options
+                and self.client_registration_options.valid_scopes
+                else self.required_scopes
+            )
             protected_routes = create_protected_resource_routes(
                 resource_url=resource_url,
                 authorization_servers=[self.issuer_url],
-                scopes_supported=self.required_scopes,
+                scopes_supported=supported_scopes,
             )
             oauth_routes.extend(protected_routes)