[BUG] AuthConfig.default_scope is not correctly used？

[heliannuuthus]

Describe the bug
While debugging the local fastmcp_api using modelcontextprotocol/inspector, it was observed that:

When building the built-in authentication endpoint, the scope is first retrieved from the query parameters of the request.

If no scope is provided in the query, a default_scope is used instead.

However, this default_scope is not the AuthConfig.default_scope.

To Reproduce

1. Configure an AuthConfig with a default_scope:

   auth_config = AuthConfig(default_scope="openid profile email")

2. Start the local fastmcp_api and debug using modelcontextprotocol/inspector.
3. Send a request without the scope parameter:

   GET /auth/authorize?client_id=xxx&response_type=code&redirect_uri=yyy
   

4. Observe that the returned result does not use the default_scope from AuthConfig.

System Info

• OS: Ubuntu 24.04.x
• Python: 3.12.x
• FastMCP API version: local development (latest main branch)
• Debugging tool: modelcontextprotocol/inspector

[heliannuuthus]

In fastapi_mcp/server.py#L262-L267, it looks like we could set the default_scope parameter when calling setup_oauth_authorize_proxy, using self._auth_config.default_scope.

Current code:

setup_oauth_authorize_proxy(
    app=self.fastapi,
    client_id=self._auth_config.client_id,
    authorize_url=self._auth_config.authorize_url,
    audience=self._auth_config.audience,
)

Suggested adjustment:

setup_oauth_authorize_proxy(
    app=self.fastapi,
    client_id=self._auth_config.client_id,
    authorize_url=self._auth_config.authorize_url,
    audience=self._auth_config.audience,
+    default_scope=self._auth_config.default_scope,
)