When no authorization is required dont fail on missing user scope

Author: yonigottesman

src/mcp/server/auth/middleware/bearer_auth.py

@@ -74,7 +74,7 @@ def __init__(self, app: Any, required_scopes: list[str]):
 
     async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
         auth_user = scope.get("user")
-        if not isinstance(auth_user, AuthenticatedUser):
+        if not isinstance(auth_user, AuthenticatedUser) and self.required_scopes:
             raise HTTPException(status_code=401, detail="Unauthorized")
         auth_credentials = scope.get("auth")