From d8909af9676c23efe9b913459263f0d9d6a953c7 Mon Sep 17 00:00:00 2001
From: Otto <otto@agpt.co>
Date: Tue, 3 Feb 2026 13:19:15 +0000
Subject: [PATCH] fix: enable scope checking for block credentials (consistency
 with graphs)

Previously run_block didn't check OAuth2 scopes while run_agent did.
Now both use the same scope-checking logic for credential matching.
---
 .../backend/backend/api/features/chat/tools/run_block.py    | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/autogpt_platform/backend/backend/api/features/chat/tools/run_block.py b/autogpt_platform/backend/backend/api/features/chat/tools/run_block.py
index 0522f6fc98..c4e6e5ffc4 100644
--- a/autogpt_platform/backend/backend/api/features/chat/tools/run_block.py
+++ b/autogpt_platform/backend/backend/api/features/chat/tools/run_block.py
@@ -138,11 +138,7 @@ class RunBlockTool(BaseTool):
         if not requirements:
             return {}, []
 
-        # Note: check_scopes=False preserves original run_block behavior which
-        # didn't verify OAuth2 scopes. Graph matching (run_agent) does check scopes.
-        return await match_credentials_to_requirements(
-            user_id, requirements, check_scopes=False
-        )
+        return await match_credentials_to_requirements(user_id, requirements)
 
     async def _execute(
         self,