[BUG] MCP need logo_uri, client_uri, tos_uri must be parsable

Resolved 💬 4 comments Opened Dec 11, 2025 by fox-john Closed Feb 21, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

When I try to use Claude Code or Claude Desktop with my custom MCP server using OAuth (based on Ory Hydra), Claude does not send the logo_uri, client_uri, or tos_uri fields.

Hydra DCR responds with all of these values set to an empty string (""), but your validation requires these fields to be valid, parseable URLs. As a result, the MCP fails with URL validation errors for those fields.

What Should Happen?

This should happen when the client is created: Claude needs to send the client_uri, logo_uri, and tos_uri fields during client registration.

Error Messages/Logs

Error: [
  {
    validation: 'url',
    code: 'invalid_string',
    message: 'Invalid url',
    path: ['client_uri'],
  },
  {
    code: 'custom',
    message: 'URL must be parseable',
    fatal: true,
    path: ['client_uri'],
  },
  {
    validation: 'url',
    code: 'invalid_string',
    message: 'Invalid url',
    path: ['logo_uri'],
  },
  {
    code: 'custom',
    message: 'URL must be parseable',
    fatal: true,
    path: ['logo_uri'],
  },
  {
    validation: 'url',
    code: 'invalid_string',
    message: 'Invalid url',
    path: ['tos_uri'],
  },
  {
    code: 'custom',
    message: 'URL must be parseable',
    fatal: true,
    path: ['tos_uri'],
  },
]

Steps to Reproduce

  • Deploy an Ory Hydra instance and enable Dynamic Client Registration (DCR).
  • Configure the MCP server to use OAuth with Hydra, requiring client_uri, logo_uri, and tos_uri during client creation.
  • Open Claude Code (or Claude Desktop) and attempt to authenticate with the MCP server.
  • Observe that Claude does not send client_uri, logo_uri, or tos_uri, causing URL validation errors.

Claude Model

Not sure / Multiple models

Is this a regression?

No, this never worked

Last Working Version

_No response_

Claude Code Version

v2.0.65

Platform

Anthropic API

Operating System

Ubuntu/Debian Linux

Terminal/Shell

WSL (Windows Subsystem for Linux)

Additional Information

This is payload send by Claude code :

{
  client_name: 'Claude Code (Organization name)',
  redirect_uris: [ 'http://localhost:51777/callback' ],
  grant_types: [ 'authorization_code', 'refresh_token' ],
  response_types: [ 'code' ],
  token_endpoint_auth_method: 'none'
}

And this is client returned by Hydra;

{
  client_id: '144f6511-daf0-4ff8-81d6-c7ef21333396',
  client_name: 'Claude Code (Organization name)',
  redirect_uris: [ 'http://localhost:56933/callback' ],
  grant_types: [ 'authorization_code', 'refresh_token' ],
  response_types: [ 'code' ],
  scope: 'mcp.discover mcp.read mcp.write offline_access offline openid profile email',
  audience: [],
  owner: '',
  policy_uri: '',
  allowed_cors_origins: [],
  tos_uri: '',
  client_uri: '',
  logo_uri: '',
  contacts: [],
  client_secret_expires_at: 0,
  subject_type: 'public',
  jwks: {},
  token_endpoint_auth_method: 'none',
  userinfo_signed_response_alg: 'none',
  created_at: '2025-12-11T14:38:51Z',
  updated_at: '2025-12-11T14:38:51.062203Z',
  metadata: {},
  registration_access_token: 'redacted_token',
  registration_client_uri: 'redacted_url',
  skip_consent: false,
  skip_logout_consent: null,
  authorization_code_grant_access_token_lifespan: null,
  authorization_code_grant_id_token_lifespan: null,
  authorization_code_grant_refresh_token_lifespan: null,
  client_credentials_grant_access_token_lifespan: null,
  implicit_grant_access_token_lifespan: null,
  implicit_grant_id_token_lifespan: null,
  jwt_bearer_grant_access_token_lifespan: null,
  refresh_token_grant_id_token_lifespan: null,
  refresh_token_grant_access_token_lifespan: null,
  refresh_token_grant_refresh_token_lifespan: null,
  device_authorization_grant_id_token_lifespan: null,
  device_authorization_grant_access_token_lifespan: null,
  device_authorization_grant_refresh_token_lifespan: null
}

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗