fix: drop stale introspection from interactive OAuth scope list #433

@MattBro

Context

`src/utils/setup-utils.ts:495` requests `introspection` as part of the wizard's interactive OAuth scope set. Per RFC 7662, `introspection` is the OAuth Token Introspection endpoint, not a grantable scope. Per RFC 8414, it's correctly published in AS metadata as `introspection_endpoint`, never as a member of `scopes_supported`.

PostHog/posthog#56835 removed it from MCP's published scope list for this reason. The wizard still requests it, which means the AS either silently drops it or quietly issues an `invalid_scope` warning that we never surface.

Change

Remove `'introspection'` from the scope array at `setup-utils.ts:495`:

```diff
 const tokenResponse = await performOAuthFlow({
   scopes: [
     'user:read',
     'project:read',
-    'introspection',
     'llm_gateway:read',
     'dashboard:write',
     'insight:write',
     'query:read',
     'health_issue:read',
   ],
   signup: false,
 });
```
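
Review bot: the `scopes` array passed to `performOAuthFlow` is still an inline literal once the `'introspection'` entry is gone, so nothing in this change keeps that string, or another endpoint name, from being added back later. Consider hoisting the list into a named constant with a one-line comment that `introspection` is the RFC 7662 endpoint rather than a scope, and adding a unit test that asserts the constant does not contain it.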

Why

One stale string with no functional purpose. Stops the next person from copy-pasting it into a partner integration's scope list.

Tracking

Parent: PostHog/posthog#57524
Related: PostHog/posthog#56835, PostHog/posthog#56833
Project: https://github.com/orgs/PostHog/projects/194
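
The check below is an added example, not part of the issue or of the wizard's code. It vets a requested scope list against RFC 8414 metadata and reports any scope the token response did not grant. The names `AsMetadata`, `checkRequestedScopes` and `droppedScopes`, along with the `as.example` metadata, are assumptions constructed for illustration.

```typescript
// Added example; every identifier and sample value here is hypothetical.
interface AsMetadata {
  issuer: string;
  scopes_supported?: string[];      // RFC 8414: optional list of grantable scopes
  introspection_endpoint?: string;  // RFC 7662 endpoint, published under its own key
  [key: string]: unknown;
}

interface ScopeCheck {
  ok: string[];            // listed in scopes_supported (or list absent, so unverifiable)
  endpointNames: string[]; // "<name>_endpoint" exists in metadata: an endpoint, not a scope
  unsupported: string[];   // neither a supported scope nor an endpoint name
}

function checkRequestedScopes(meta: AsMetadata, requested: string[]): ScopeCheck {
  const supported = meta.scopes_supported ? new Set(meta.scopes_supported) : null;
  const result: ScopeCheck = { ok: [], endpointNames: [], unsupported: [] };
  for (const scope of requested) {
    if (supported !== null && supported.has(scope)) result.ok.push(scope);
    else if (`${scope}_endpoint` in meta) result.endpointNames.push(scope);
    else if (supported === null) result.ok.push(scope); // no list published: cannot verify
    else result.unsupported.push(scope);
  }
  return result;
}

// RFC 6749 section 5.1: the token response carries a space-delimited `scope`
// whenever the granted set differs from the request; if omitted, all were granted.
function droppedScopes(requested: string[], grantedScope?: string): string[] {
  if (grantedScope === undefined) return [];
  const granted = new Set(grantedScope.split(' ').filter(Boolean));
  return requested.filter((s) => !granted.has(s));
}

// Constructed sample metadata and request, not taken from any real server.
const sampleMetadata: AsMetadata = {
  issuer: 'https://as.example',
  scopes_supported: ['user:read', 'project:read', 'query:read'],
  introspection_endpoint: 'https://as.example/oauth/introspect',
};
const requestedScopes = ['user:read', 'project:read', 'introspection', 'query:read'];

console.log(checkRequestedScopes(sampleMetadata, requestedScopes));
console.log(droppedScopes(requestedScopes, 'user:read project:read query:read'));
```

Logging the result of `droppedScopes` after the token exchange surfaces the silent-drop case that otherwise goes unnoticed.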
