twin lodge
Realized that for Figma OAuth Apps you have to be published to the Marketplace in order to properly request the above scope and a few others. Hence to save time we want to use the Composio Managed Auth.
Want to confirm however that this supports the "file_variables:read" scope before doing so.
Since many of the Figma MCP Tools listed are dependent on this I would assume so but doublechecking.
Thanks
tawny rivet
Hey @twin lodge, let me check with the Integrations team and revert back.
twin lodge
Thanks @tawny rivet appreciate it. Testing manually now so if I figure it out will let you know here
Can say that I tried adding that scope and then ran my command to sync Composio Auth Configs from my registry.py file. When I did I can authenticate properly, however when trying to access it in your playground it could not use the tools that are dependent on that scope. Also in the actual Auth Config that specific scope was not added. Tried adding it manually in your UI but then I got an error that scopes mismatched when trying the OAuth flow.
So a follow-up question:
IF your Managed OAuth with Figma does not support the file_variables:read then I would assume the only other way to be able to use those tools is to instead have the users connect via API Key which is the second option?
tawny rivet
@twin lodge, Ideally, we should be able to extend the scope of our default authentication app. If we’re unable to do so, we’ll share any workarounds.
tawny rivet
Hey @twin lodge, I just received an update from the team. It seems we can’t add new scopes because our app is already verified with the default scopes. Adding new scopes would break the default app. As a workaround, you can use your own credentials or create an authConfig with API-key auth mode.
twin lodge
Gotcha. A feature request for me then would be to on the toolkits available mark whether a tool is available through OAuth vs MCP or if it requires additional scopes. In this case it would have been nice to see earlier if "all tools" or "only a subset" would be available through OAuth.
But thanks for your help in bringing clarity here!