fix: automatically include offline_access as a scope in the Azure provider to enable automatic token refreshing

[JonasKs]

Add documentation to the Azure provider: We recommend always sending offline_access as an additional_authorize_scopes. This enable FastMCP to automatically refresh all tokens.

Contributors Checklist

• My change closes Document offline_access setting for Azure #3000
• I have followed the repository's development workflow
• I have tested my changes manually and by adding relevant tests
• I have performed all required documentation updates

Review Checklist

• I have self-reviewed my changes
• My Pull Request is ready for review

Closes #2628

[coderabbitai]

Walkthrough

The Azure provider now coerces additional_authorize_scopes to a list, stores it as a list, and automatically appends "offline_access" if not already present. Documentation examples were updated to remove offline_access from user-specified scopes and a note was added that offline_access is automatically included to obtain refresh tokens. No public function signatures or external API surfaces were changed.

Possibly related PRs

• Fix Azure OAuth token refresh with unprefixed scopes #2462: Modifies Azure provider scope preparation and refresh logic, normalizing and augmenting additional_authorize_scopes.
• fix: correctly send resource when exchanging code for the upstream to… #3013: Alters AzureProvider scope-handling hooks used during token exchange, touching the same scope preparation code paths.
• Fix Azure provider OIDC scope handling #2506: Changes OIDC scope prefixing/validation and adjusts special-case handling for offline_access within Azure provider scope processing.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title clearly and concisely describes the primary change: automatically including offline_access in the Azure provider to enable automatic token refreshing.
Description check	✅ Passed	The PR description follows the template with all required sections completed, including contributors and review checklists, linked issues (#3000 and #2628), and clear explanation of the changes.
Linked Issues check	✅ Passed	The code changes align with linked issues: automatically appending offline_access scope (#3000) and documentation/implementation enables token refresh to prevent re-authentication (#2628).
Out of Scope Changes check	✅ Passed	All changes are directly related to the objectives: Azure provider documentation updates, automatic offline_access inclusion, and supporting configuration handling, with no extraneous modifications.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[jlowin]

@JonasKs this seems to be such a common stumbling block I'm wondering if we should make it a default scope for the azure provider, which users could remove by providing a custom set? For example this would close #2628 (edited your description to attach it)

[JonasKs]

@jlowin , agree. I can fix tomorrowWednesday!

[JonasKs]

@jlowin this is ready for review, and I've rebased main into this branch.

[jlowin]

Thank you!