fix: address remaining PR #589 review findings

- Consolidate MCP session + login flow cleanup into _mcp_session_with_login_flow() helper,
  replacing 4 duplicated AsyncExitStack sites in app.py
- Fix get_shared_storage() race condition by using module-level anyio.Lock() init
  (reverts regression from ba59763)
- Collapse cosmetic if/else branching in scope_authorization.py
- Consolidate dual password storage paths into single store_app_password_with_scopes() call
- Mark unused request param as _ in list_supported_scopes
- Make ALL_SUPPORTED_SCOPES an immutable tuple; use list() instead of .copy()
- Add hasattr(ctx, "elicit") guard in elicitation.py, narrow except to NotImplementedError
- Add YAML comment explaining --oauth flag for mcp-login-flow service

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Chris Coutinho
2026-03-02 09:59:56 +01:00
parent ba597634bd
commit 0d14c75eb1
9 changed files with 36 additions and 42 deletions
+1 -1
View File
@@ -84,7 +84,7 @@ def register_auth_tools(mcp: FastMCP) -> None:
)
# Determine scopes
requested_scopes = scopes if scopes else ALL_SUPPORTED_SCOPES.copy()
requested_scopes = scopes if scopes else list(ALL_SUPPORTED_SCOPES)
# Validate requested scopes
invalid_scopes = [s for s in requested_scopes if s not in ALL_SUPPORTED_SCOPES]