When connecting an MCP Server using OAuth authentication, ChatGPT does not request the scopes openid and profile when obtaining the access token. This is an issue as the token being generating for example when using a server such as Auth0 is a valid token but it contains no claims and thus it does not identify the authenticated user.
ChatGPT should send those scopes if the server supports them. ChatGPT can discover whether the server supports those scopes when it visits the .well-known endpoints.
While we look into this, I wonder if you can explicitly configure your connector (via Developer Mode) to send openid profile as the required scopes, or adjust your authorization server to include identity claims or issue an ID token even when no scope parameter is provided.
We are experiencing a similar issue. Could you please provide specific guidance on how to configure the connector in the developer mode, to send the scopes as you suggested?
if you can explicitly configure your connector (via Developer Mode) to send openid profile as the required scopes
The ChatGTP UI does not allow any configuration of scopes.
adjust your authorization server to include identity claims or issue an ID token even when no scope parameter is provided.
That it is not possible, the scopes need to be requested by ChatGPT, the user has to consent to those scopes and then the auth server generate the appropriate response