Description
While testing the OAuth flow using MCP Inspector, I observed the following behavior under the "Preparing Authorization" step:
The redirect to our IDP includes a resource parameter, for example:
/authorize?response_type=code&client_id=XXXXXXXXXXXX&code_challenge=XXXXXXX&code_challenge_method=S256&redirect_uri=http%3A%2F%2Flocalhost%3A6274%2Foauth%2Fcallback%2Fdebug&state=XXXX&scope=openid+profile+offline_access+name+given_name&prompt=consent&resource=https%3A%2F%2Furl001-cm.azurewebsites.net%2F
In our case, the IDP has a federation setup with Azure AD (Entra). After authentication, this leads to the following error:
AADSTS901002: The 'resource' request parameter is not supported.
As Entra does not support the resource parameter, this causes the flow to break.
Question:
Is there a way to conditionally omit the resource parameter in the MCP Inspector tool based on the target IDP (e.g., when the flow involves Azure AD/Entra)?
A mechanism to skip or suppress this parameter in such cases would help ensure broader compatibility across IDPs.
Appreciate your guidance.
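
An added example, not part of the original issue and not MCP Inspector code: a hypothetical client-side helper that checks an authorization request like the one quoted above and omits the RFC 8707 `resource` parameter when a per-IDP setting says the authorization server rejects it. The `prepareAuthorizationUrl` name, the `sendResource` option and the sample hosts are assumptions.

```javascript
// Constructed sample request, modelled on the redirect quoted in the issue.
const SAMPLE_AUTHORIZE_URL =
  "https://idp.example/authorize?response_type=code&client_id=CLIENT" +
  "&code_challenge=CHALLENGE&code_challenge_method=S256" +
  "&redirect_uri=http%3A%2F%2Flocalhost%3A6274%2Foauth%2Fcallback%2Fdebug" +
  "&state=STATE&scope=openid+profile&resource=https%3A%2F%2Fmcp.example%2F";

// Hypothetical helper: `sendResource` is an assumed per-IDP setting, false for
// authorization servers that reject the RFC 8707 `resource` parameter.
function prepareAuthorizationUrl(urlString, { sendResource }) {
  const url = new URL(urlString);
  const params = url.searchParams;
  const problems = [];

  // Checks that must hold whether or not `resource` is sent.
  if (params.get("response_type") !== "code") {
    problems.push("response_type is not 'code'");
  }
  if (params.get("code_challenge_method") !== "S256" || !params.get("code_challenge")) {
    problems.push("PKCE S256 challenge missing");
  }
  if (!params.get("state")) {
    problems.push("state missing");
  }

  // RFC 8707: each resource indicator is an absolute URI without a fragment.
  const resources = params.getAll("resource");
  for (const value of resources) {
    let absolute = true;
    try { new URL(value); } catch { absolute = false; }
    if (!absolute) problems.push(`resource is not an absolute URI: ${value}`);
    else if (value.includes("#")) problems.push(`resource has a fragment: ${value}`);
  }

  // Omit the parameter only when configured to, and report what was dropped
  // so the caller can log that the request no longer names the MCP server.
  let dropped = [];
  if (!sendResource && resources.length > 0) {
    params.delete("resource");
    dropped = resources;
  }
  return { url: url.toString(), dropped, problems };
}
```
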